diff --git a/clusters/android.json b/clusters/android.json
index c84eeae..22d4903 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -2,6 +2,7 @@
 "authors": [
 "Unknown"
 ],
+ "category": "tool",
 "description": "Android malware galaxy based on multiple open sources.",
 "name": "Android",
 "source": "Open Sources",
diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index a50acdd..8518a70 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -2,6 +2,7 @@
 "authors": [
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of backdoor malware.",
 "name": "Backdoor",
 "source": "Open Sources",
diff --git a/clusters/banker.json b/clusters/banker.json
index 0937e4f..06dc418 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -3,6 +3,7 @@
 "Unknown",
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of banker malware.",
 "name": "Banker",
 "source": "Open Sources",
diff --git a/clusters/botnet.json b/clusters/botnet.json
index e7d9206..c3ad3ad 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -2,6 +2,7 @@
 "authors": [
 "Various"
 ],
+ "category": "tool",
 "description": "botnet galaxy",
 "name": "Botnet",
 "source": "MISP Project",
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index dc5cd8c..3061344 100644
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -4,6 +4,7 @@
 "Will Metcalf",
 "KahuSecurity"
 ],
+ "category": "tool",
 "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
 "name": "Exploit-Kit",
 "source": "MISP Project",
diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 7f4d3cd..d5fda06 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -5,6 +5,7 @@
 "Andrea Garavaglia",
 "Davide Arcuri"
 ],
+ "category": "tool",
 "description": "Malware galaxy cluster based on Malpedia.",
 "name": "Malpedia",
 "source": "Malpedia",
diff --git a/clusters/microsoft-activity-group.json b/clusters/microsoft-activity-group.json
index e8f7c7f..8538392 100644
--- a/clusters/microsoft-activity-group.json
+++ b/clusters/microsoft-activity-group.json
@@ -2,6 +2,7 @@
 "authors": [
 "Various"
 ],
+ "category": "actor",
 "description": "Activity groups as described by Microsoft",
 "name": "Microsoft Activity Group actor",
 "source": "MISP Project",
diff --git a/clusters/mitre-enterprise-attack-intrusion-set.json b/clusters/mitre-enterprise-attack-intrusion-set.json
index b256c4b..5c206c3 100644
--- a/clusters/mitre-enterprise-attack-intrusion-set.json
+++ b/clusters/mitre-enterprise-attack-intrusion-set.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Enterprise Attack -intrusion Set",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-enterprise-attack-malware.json b/clusters/mitre-enterprise-attack-malware.json
index 1306a7d..1158410 100644
--- a/clusters/mitre-enterprise-attack-malware.json
+++ b/clusters/mitre-enterprise-attack-malware.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Enterprise Attack - Malware",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-enterprise-attack-tool.json b/clusters/mitre-enterprise-attack-tool.json
index e14a2d3..7ae49b3 100644
--- a/clusters/mitre-enterprise-attack-tool.json
+++ b/clusters/mitre-enterprise-attack-tool.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Enterprise Attack - Tool",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-intrusion-set.json b/clusters/mitre-intrusion-set.json
index c71799d..90c558a 100644
--- a/clusters/mitre-intrusion-set.json
+++ b/clusters/mitre-intrusion-set.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "intrusion Set",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-malware.json b/clusters/mitre-malware.json
index 3a5e96e..71863f4 100644
--- a/clusters/mitre-malware.json
+++ b/clusters/mitre-malware.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Malware",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-mobile-attack-intrusion-set.json b/clusters/mitre-mobile-attack-intrusion-set.json
index 2d563f4..4f52b18 100644
--- a/clusters/mitre-mobile-attack-intrusion-set.json
+++ b/clusters/mitre-mobile-attack-intrusion-set.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Mobile Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-mobile-attack-malware.json b/clusters/mitre-mobile-attack-malware.json
index 11befb3..d78f394 100644
--- a/clusters/mitre-mobile-attack-malware.json
+++ b/clusters/mitre-mobile-attack-malware.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Mobile Attack - Malware",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-mobile-attack-tool.json b/clusters/mitre-mobile-attack-tool.json
index 848eaa4..6805907 100644
--- a/clusters/mitre-mobile-attack-tool.json
+++ b/clusters/mitre-mobile-attack-tool.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Mobile Attack - Tool",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-pre-attack-intrusion-set.json b/clusters/mitre-pre-attack-intrusion-set.json
index da45a89..94ed408 100644
--- a/clusters/mitre-pre-attack-intrusion-set.json
+++ b/clusters/mitre-pre-attack-intrusion-set.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "actor",
 "description": "Name of ATT&CK Group",
 "name": "Pre Attack - intrusion Set",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/mitre-tool.json b/clusters/mitre-tool.json
index aed7bb1..f428d0d 100644
--- a/clusters/mitre-tool.json
+++ b/clusters/mitre-tool.json
@@ -2,6 +2,7 @@
 "authors": [
 "MITRE"
 ],
+ "category": "tool",
 "description": "Name of ATT&CK software",
 "name": "Tool",
 "source": "https://github.com/mitre/cti",
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index e30837d..a44901d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -3,6 +3,7 @@
 "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
 "http://pastebin.com/raw/GHgpWjar"
 ],
+ "category": "tool",
 "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar",
 "name": "Ransomware",
 "source": "Various",
diff --git a/clusters/rat.json b/clusters/rat.json
index fa74895..1612b6e 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3,6 +3,7 @@
 "Various",
 "raw-data"
 ],
+ "category": "tool",
 "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
 "name": "RAT",
 "source": "MISP Project",
diff --git a/clusters/stealer.json b/clusters/stealer.json
index 7af58a1..c54d6c9 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -2,6 +2,7 @@
 "authors": [
 "raw-data"
 ],
+ "category": "tool",
 "description": "A list of malware stealer.",
 "name": "Stealer",
 "source": "Open Sources",
diff --git a/clusters/tds.json b/clusters/tds.json
index ec09cf0..5865325 100644
--- a/clusters/tds.json
+++ b/clusters/tds.json
@@ -2,6 +2,7 @@
 "authors": [
 "Kafeine"
 ],
+ "category": "tool",
 "description": "TDS is a list of Traffic Direction System used by adversaries",
 "name": "TDS",
 "source": "MISP Project",
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index db1a795..d53e757 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6,6 +6,7 @@
 "Timo Steffens",
 "Various"
 ],
+ "category": "actor",
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "name": "Threat actor",
 "source": "MISP Project",
diff --git a/clusters/tool.json b/clusters/tool.json
index 1465e42..3527545 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7,6 +7,7 @@
 "Dennis Rand",
 "raw-data"
 ],
+ "category": "tool",
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "name": "Tool",
 "source": "MISP Project",
diff --git a/schema_clusters.json b/schema_clusters.json
index 1968d6b..4cf095b 100644
--- a/schema_clusters.json
+++ b/schema_clusters.json
@@ -23,6 +23,9 @@
 "source": {
 "type": "string"
 },
+ "category": {
+ "type": "string"
+ },
 "values": {
 "type": "array",
 "uniqueItems": true,
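Review bot: The new `category` property in the schema_clusters.json hunk accepts any string, so a misspelled or unexpected value in a cluster file would still validate, although every cluster touched by this commit uses only `"tool"` or `"actor"`. If the set is meant to be closed, constrain it in the schema, for example `"category": { "type": "string", "enum": ["actor", "tool"] }`; if it is meant to stay open, a `"description"` on the property stating the intended values would help contributors. The hunk does not show the schema's `required` list, so it is worth confirming whether `category` belongs there, since otherwise a cluster file that omits the key passes validation and consumers that group clusters by category need a fallback. The enclosing object (presumably `properties`) starts and ends outside the hunk.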