diff --git a/MANIFEST.json b/MANIFEST.json
index ee6bbfb..00a050f 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -123,6 +123,11 @@
 "name": "cssa",
 "version": 8
 },
+ {
+ "description": "Cyber Threat Intelligence cycle to control workflow state of your process.",
+ "name": "cti",
+ "version": 1
+ },
 {
 "description": "Current events - Schemes of Classification in Incident Response and Detection",
 "name": "current-event",
@@ -378,6 +383,11 @@
 "name": "interception-method",
 "version": 1
 },
+ {
+ "description": "An IOC classification to facilitate automation of malicious and non malicious artifacts",
+ "name": "ioc",
+ "version": 1
+ },
 {
 "description": "Internet of Things taxonomy, based on IOT UK report https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf",
 "name": "iot",
diff --git a/cti/machinetag.json b/cti/machinetag.json
new file mode 100644
index 0000000..b618178
--- /dev/null
+++ b/cti/machinetag.json
@@ -0,0 +1,37 @@
+{
+ "namespace": "cti",
+ "description": "Cyber Threat Intelligence cycle to control workflow state of your process.",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "planning",
+ "description": "CTI requirementes being generated.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "collection",
+ "description": "Data collection initiated.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "processing-and-analysis",
+ "description": "Data is being processed and analyzed",
+ "expanded": "Phase"
+ },
+ {
+ "value": "dissemination-done",
+ "description": "CTI product created and delivered to stakeholders.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "feedback-received",
+ "description": "Feedback received by stakeholders.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "feedback-pending",
+ "description": "Feedback pending by stakeholders.",
+ "expanded": "Phase"
+ }
+ ]
+}
diff --git a/ioc/machinetag.json b/ioc/machinetag.json
new file mode 100644
index 0000000..7523a30
--- /dev/null
+++ b/ioc/machinetag.json
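Review bot: In cti/machinetag.json all six predicates carry `"expanded": "Phase"`, so any interface that shows the expanded label rather than the raw value would render every workflow state identically; give each predicate its own label, for example `"expanded": "Planning"` and `"expanded": "Processing and analysis"`. The `planning` description also has a typo: `"CTI requirementes being generated."` should read `"CTI requirements being generated."`. The taxonomy-level description is duplicated in the MANIFEST.json entry, so the two strings need to be kept in sync if the wording changes.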
@@ -0,0 +1,26 @@
+{
+ "namespace": "ioc",
+ "description": "An IOC classification to facilitate automation of malicious and non malicious artifacts",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "artifact-state",
+ "expanded": "Artifact State"
+ }
+ ],
+ "values": [
+ {
+ "predicate": "artifact state",
+ "entry": [
+ {
+ "value": "malicious",
+ "expanded": "Malicious"
+ },
+ {
+ "value": "not-malicious",
+ "expanded": "Not Malicious"
+ }
+ ]
+ }
+ ]
+}
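Review bot: In ioc/machinetag.json the `values` block names its predicate `"artifact state"` (with a space) while the only declared predicate is `"artifact-state"` (hyphenated), so the `malicious` and `not-malicious` entries are not attached to any predicate that exists. A consumer that joins values to predicates by exact string would presumably expose `ioc:artifact-state` with no values, and automation keyed on `ioc:artifact-state="malicious"` would then never match. Change the line to `"predicate": "artifact-state",`. Since the stated purpose is automation, it may also be worth documenting how an untagged or not-yet-assessed artifact should be treated, so that the absence of a tag is not read as not-malicious.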