From 6d575d8fb889c3d8c7e43c9716a077a18f17be09 Mon Sep 17 00:00:00 2001
From: Carlos Borges
Date: Tue, 23 Feb 2021 20:18:24 -0300
Subject: [PATCH 1/3] Creation of IOC taxonomy

The IOC taxonomy was created to address automation needs. As we share IoC's, some of them are not malicious in nature, but it's presence can point to something malicious happening. For automation purposes, the use of data classification helps when you need to block something or not.
---
ioc/machinetag.json | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 ioc/machinetag.json

diff --git a/ioc/machinetag.json b/ioc/machinetag.json
new file mode 100644
index 0000000..fe19696
--- /dev/null
+++ b/ioc/machinetag.json
@@ -0,0 +1,26 @@
+{
+ "namespace": "ioc",
+ "description": "An IOC classification to facilitate automation of malicious and non malicious artifacts",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "artifact-state",
+ "expanded": "Artifact State"
+ }
+ ],
+ "values": [
+ {
+ "predicate": "artifact state",
+ "entry": [
+ {
+ "value": "malicious",
+ "expanded": "Malicious"
+ },
+ {
+ "value": "not-malicious",
+ "expanded": "Not Malicious"
+ }
+ ]
+ }
+ ]
+}
From a0639dda190a11283dde271eac237bb942a0492d Mon Sep 17 00:00:00 2001
From: Carlos Borges
Date: Tue, 23 Feb 2021 20:22:54 -0300
Subject: [PATCH 2/3] Creation of CTI taxonomy

The CTI taxonomy follows a standard process/cycle. This classification helps teams to control the workflow of their activities
---
cti/machinetag.json | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 cti/machinetag.json

diff --git a/cti/machinetag.json b/cti/machinetag.json
new file mode 100644
index 0000000..15d78f2
--- /dev/null
+++ b/cti/machinetag.json
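Review bot: The `"predicate": "artifact state"` in the values block of the new ioc/machinetag.json does not match the predicate declared as `"value": "artifact-state"` (space versus hyphen), so the malicious/not-malicious entries are attached to a predicate the file never defines; it should be `"predicate": "artifact-state"`. The later hunk in this series that touches this file only re-indents the closing bracket and leaves the mismatch in place. Since the commit message positions this taxonomy as input to automated block/no-block decisions, each entry would also benefit from a `description` stating the criterion for the state, e.g. `"description": "Artifact confirmed to be malicious"` and a matching one for `not-malicious`, so downstream tooling is not left to guess what `not-malicious` asserts about an artifact that is still being shared as an indicator.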
@@ -0,0 +1,38 @@
+{
+ "namespace": "cti",
+ "description": "Cyber Threat Intelligence cycle to control workflow state of your process.",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "planning",
+ "description":"CTI requirementes being generated.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "collection",
+ "description":"Data collection initiated.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "processing-and-analysis",
+ "description":"Data is being processed and analyzed",
+ "expanded": "Phase"
+ },
+ {
+ "value": "dissemination-done",
+ "description":"CTI product created and delivered to stakeholders.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "feedback-received",
+ "description":"Feedback received by stakeholders.",
+ "expanded": "Phase"
+ },
+ {
+ "value": "feedback-pending",
+ "description":"Feedback pending by stakeholders.",
+ "expanded": "Phase"
+ }
+
+ ]
+}
From 4ab6661f0a75e9e4cc70aca7e21c00030a06c66e Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 25 Mar 2021 11:47:26 +0100
Subject: [PATCH 3/3] chg: [cti/ioc] jq and MANIFEST updated

---
MANIFEST.json | 10 ++++++++++
cti/machinetag.json | 23 +++++++++++------------
ioc/machinetag.json | 2 +-
3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/MANIFEST.json b/MANIFEST.json
index ee6bbfb..00a050f 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -123,6 +123,11 @@
 "name": "cssa",
 "version": 8
 },
+ {
+ "description": "Cyber Threat Intelligence cycle to control workflow state of your process.",
+ "name": "cti",
+ "version": 1
+ },
 {
 "description": "Current events - Schemes of Classification in Incident Response and Detection",
 "name": "current-event",
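Review bot: Every predicate in the new cti/machinetag.json carries the same `"expanded": "Phase"`, so the human-readable label does not distinguish the six phases; `expanded` should hold the label of each value, e.g. `"expanded": "Planning"`, `"expanded": "Collection"`, and so on for the rest. The `planning` description also has a typo, `requirementes`, which the reformat hunk for this file in the third patch of the series copies unchanged; it should read `"description": "CTI requirements being generated."`. The value naming is inconsistent as well: `dissemination-done` carries a state suffix while `planning`, `collection` and `processing-and-analysis` do not, so either drop the suffix or apply the state pattern uniformly as `feedback-received`/`feedback-pending` already do.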
@@ -378,6 +383,11 @@
 "name": "interception-method",
 "version": 1
 },
+ {
+ "description": "An IOC classification to facilitate automation of malicious and non malicious artifacts",
+ "name": "ioc",
+ "version": 1
+ },
 {
 "description": "Internet of Things taxonomy, based on IOT UK report https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf",
 "name": "iot",
diff --git a/cti/machinetag.json b/cti/machinetag.json
index 15d78f2..b618178 100644
--- a/cti/machinetag.json
+++ b/cti/machinetag.json
@@ -5,34 +5,33 @@
 "predicates": [
 {
 "value": "planning",
- "description":"CTI requirementes being generated.",
+ "description": "CTI requirementes being generated.",
 "expanded": "Phase"
 },
- {
+ {
 "value": "collection",
- "description":"Data collection initiated.",
+ "description": "Data collection initiated.",
 "expanded": "Phase"
 },
- {
+ {
 "value": "processing-and-analysis",
- "description":"Data is being processed and analyzed",
+ "description": "Data is being processed and analyzed",
 "expanded": "Phase"
 },
- {
+ {
 "value": "dissemination-done",
- "description":"CTI product created and delivered to stakeholders.",
+ "description": "CTI product created and delivered to stakeholders.",
 "expanded": "Phase"
 },
- {
+ {
 "value": "feedback-received",
- "description":"Feedback received by stakeholders.",
+ "description": "Feedback received by stakeholders.",
 "expanded": "Phase"
 },
- {
+ {
 "value": "feedback-pending",
- "description":"Feedback pending by stakeholders.",
+ "description": "Feedback pending by stakeholders.",
 "expanded": "Phase"
 }
-
 ]
 }
diff --git a/ioc/machinetag.json b/ioc/machinetag.json
index fe19696..7523a30 100644
--- a/ioc/machinetag.json
+++ b/ioc/machinetag.json
@@ -22,5 +22,5 @@
 }
 ]
 }
- ]
+ ]
 }