From ecd5f9b72d140aa9279cdbccd19dd327afb285ba Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 19 Dec 2017 17:58:35 +0100
Subject: [PATCH] fix: misp tool added (misp2stix) to be used as label

---
 MANIFEST.json        |  2 +-
 misp/machinetag.json | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 misp/machinetag.json

diff --git a/MANIFEST.json b/MANIFEST.json
index 942ac6f..84f0d17 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -156,7 +156,7 @@
       "description": "Malware classification based on a SANS whitepaper about malware."
     },
     {
-      "version": 3,
+      "version": 5,
       "name": "misp",
       "description": "Internal MISP taxonomy."
     },
diff --git a/misp/machinetag.json b/misp/machinetag.json
old mode 100644
new mode 100755
index feefe46..2fef916
--- a/misp/machinetag.json
+++ b/misp/machinetag.json
@@ -36,6 +36,15 @@
         }
       ]
     },
+    {
+      "predicate": "tool",
+      "entry": [
+        {
+          "expanded": "misp2stix",
+          "value": "misp2stix"
+        }
+      ]
+    },
     {
       "predicate": "confidence-level",
       "entry": [
@@ -130,9 +139,14 @@
       "description": "Event with this tag should not be synced to other MISP instances",
       "expanded": "Should not sync",
       "value": "should-not-sync"
+    },
+    {
+      "description": "Tool associated with the information taggged",
+      "expanded": "Tool",
+      "value": "tool"
     }
   ],
-  "version": 4,
+  "version": 5,
   "description": "MISP taxonomy to infer with MISP behavior or operation.",
   "expanded": "MISP",
   "namespace": "misp"