From efd30b3e719c3592636085e6ce0d68d278c9d150 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 8 Jan 2017 15:38:49 +0100
Subject: [PATCH 1/6] source-code-repository as source added

---
 osint/machinetag.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/osint/machinetag.json b/osint/machinetag.json
index 20c3cf8..30f04c5 100644
--- a/osint/machinetag.json
+++ b/osint/machinetag.json
@@ -34,6 +34,10 @@
           "expanded": "Block or Filter List",
           "value": "block-or-filter-list"
         },
+        {
+          "expanded": "Source code repository",
+          "value": "source-code-repository"
+        },
         {
           "expanded": "Expansion",
           "value": "expansion"
@@ -106,7 +110,7 @@
   ],
   "namespace": "osint",
   "description": "Open Source Intelligence - Classification (MISP taxonomies)",
-  "version": 4,
+  "version": 5,
   "predicates": [
     {
       "value": "source-type",
From 4e284c267d118c402795d39e522142047f5162c2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 8 Jan 2017 15:40:38 +0100
Subject: [PATCH 2/6] MANIFEST updated

---
 MANIFEST.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MANIFEST.json b/MANIFEST.json
index 6f4b4c4..3715d85 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -1,5 +1,5 @@
 {
-  "version": "20170104",
+  "version": "20170108",
   "license": "CC-0",
   "description": "Manifest file of MISP taxonomies available.",
   "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
@@ -133,7 +133,7 @@
     {
       "description": "Open Source Intelligence - Classification (MISP taxonomies).",
       "name": "osint",
-      "version": 4
+      "version": 5
     },
     {
       "description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
From 8c5096b8d3f763cb3552bf2e3cf15474f8cdc863 Mon Sep 17 00:00:00 2001
From: Georges Bossert
Date: Mon, 9 Jan 2017 13:21:14 +0100
Subject: [PATCH 3/6] Typo fix: replaces weaponiSation by weaponiZation

The official term (see. http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html) relies on the American/Oxford spelling.
---
 kill-chain/machinetag.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kill-chain/machinetag.json b/kill-chain/machinetag.json
index c18ad3c..49fb1a7 100644
--- a/kill-chain/machinetag.json
+++ b/kill-chain/machinetag.json
@@ -9,7 +9,7 @@
       "expanded": "Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies."
     },
     {
-      "value": "Weaponisation",
+      "value": "Weaponization",
       "expanded": "Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable."
     },
     {
From 2b47a7111079856ad9e4d99ebe837ad28ce06f67 Mon Sep 17 00:00:00 2001
From: Georges Bossert
Date: Mon, 9 Jan 2017 13:25:55 +0100
Subject: [PATCH 4/6] Upgrade version number from 1 to 2 in cyber killchain taxo.

---
 kill-chain/machinetag.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kill-chain/machinetag.json b/kill-chain/machinetag.json
index 49fb1a7..d499cbc 100644
--- a/kill-chain/machinetag.json
+++ b/kill-chain/machinetag.json
@@ -2,7 +2,7 @@
   "namespace": "kill-chain",
   "expanded": "Cyber Kill Chain",
   "description": "The Cyber Kill Chain, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
-  "version": 1,
+  "version": 2,
   "predicates": [
     {
       "value": "Reconnaissance",
From 2ef73925555a77008674322271fde949904d2f03 Mon Sep 17 00:00:00 2001
From: Hannah Ward
Date: Fri, 20 Jan 2017 09:35:28 +0000
Subject: [PATCH 5/6] Update machinetag to allow running from any directory

---
 tools/machinetag.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tools/machinetag.py b/tools/machinetag.py
index 7d883a5..bd685cb 100755
--- a/tools/machinetag.py
+++ b/tools/machinetag.py
@@ -32,8 +32,12 @@ import argparse
 import os
 
 taxonomies = []
-for folder in os.listdir('../'):
-    if os.path.isfile(os.path.join('../', folder, 'machinetag.json')):
+
+# Get our current directory from file location
+thisDir = os.path.dirname(__file__)
+
+for folder in os.listdir(os.path.join(thisDir, '../')):
+    if os.path.isfile(os.path.join(thisDir, '../', folder, 'machinetag.json')):
         taxonomies.append(folder)
 argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
 argParser.add_argument('-e', action='store_true', help='Include expanded tags')
@@ -83,7 +87,7 @@ def machineTag(namespace=False, predicate=False, value=None):
     return (u'{0}:{1}=\"{2}\"'.format(namespace, predicate, value))
 
 for taxonomy in taxonomies:
-    filename = os.path.join("../", taxonomy, "machinetag.json")
+    filename = os.path.join(thisDir, "../", taxonomy, "machinetag.json")
     with open(filename) as fp:
         t = json.load(fp)
         namespace = t['namespace']
From 14cf779bf348adbe29926b2527f0a8d394515fa2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 29 Jan 2017 14:34:42 +0100
Subject: [PATCH 6/6] Diamond model added to the README and MANIFEST

---
 MANIFEST.json | 7 ++++++-
 README.md | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/MANIFEST.json b/MANIFEST.json
index 3715d85..1520051 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
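Review bot: `thisDir = os.path.dirname(__file__)` is still a relative path whenever the script is invoked by a relative name (e.g. `python tools/machinetag.py` gives `tools`, and `python machinetag.py` from inside `tools/` gives the empty string), so the directory scan and the later `open(filename)` remain dependent on the process's current working directory, which is exactly what the commit sets out to remove. Normalising once at assignment time makes the location independent of later `chdir` calls and of how the script was launched: `thisDir = os.path.dirname(os.path.abspath(__file__))`. Using `os.pardir` instead of the literal `'../'` in the two `os.path.join` calls would also keep the path portable, though that is a style point. Note that `__file__` is not defined when the module is run via `exec` or a frozen bundle; if that usage is expected, a `NameError` guard would be needed, but nothing in the hunk indicates it is. The module-level scan at the top of the hunk has no enclosing function; the second hunk's `for taxonomy in taxonomies:` loop continues past the end of the hunk.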
@@ -1,5 +1,5 @@
 {
-  "version": "20170108",
+  "version": "20170129",
   "license": "CC-0",
   "description": "Manifest file of MISP taxonomies available.",
   "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
@@ -35,6 +35,11 @@
       "name": "dhs-ciip-sectors",
       "version": 2
     },
+    {
+      "description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
+      "name": "diamond-model",
+      "version": 1
+    },
     {
       "description": "ISM (Information Security Marking Metadata) V13 as described by DNI.gov (Director of National Intelligence - US).",
       "name": "dni-ism",
diff --git a/README.md b/README.md
index 1aed8d6..c7f23e9 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ The following taxonomies are described:
 - [Cyber Kill Chain](./kill-chain) from Lockheed Martin
 - DE German (DE) [Government classification markings (VS)](./de-vs)
 - [DHS CIIP Sectors](./dhs-ciip-sectors)
+- [Diamond Model for Intrusion Analysis](./diamond-model)
 - [Domain Name Abuse](./domain-abuse)
 - [eCSIRT](./ecsirt) and IntelMQ incident classification
 - [ENISA](./enisa) ENISA Threat Taxonomy
@@ -64,6 +65,11 @@ Taxonomy for the handling of protectively marked information in MISP with German
 DHS critical sectors as described in https://www.dhs.gov/critical-infrastructure-sectors.
 
+### [Diamond Model for Intrusion Analysis](./diamond-model)
+
+The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack
+as described in [http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf](http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf).
+
 ### [Domain Name Abuse](./domain-abuse)
 
 Taxonomy to tag domain names used for cybercrime.
 