misp-objects/objects/gtp-attack/definition.json

100 lines
2.6 KiB
JSON
Raw Normal View History

{
"attributes": {
"GtpImei": {
"description": "GTP IMEI (International Mobile Equipment Identity).",
"misp-attribute": "text",
"ui-priority": 1
},
"GtpImsi": {
"description": "GTP IMSI (International mobile subscriber identity).",
"misp-attribute": "text",
"ui-priority": 1
},
"GtpInterface": {
"description": "GTP interface.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"S5",
"S11",
"S10",
2018-01-05 14:26:28 +01:00
"S8",
"Gn",
"Gp"
],
"ui-priority": 1
},
"GtpMessageType": {
"description": "GTP defines a set of messages between two associated GSNs or an SGSN and an RNC. Message type is described as a decimal value.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"GtpMsisdn": {
"description": "GTP MSISDN.",
"misp-attribute": "text",
"ui-priority": 1
},
"GtpServingNetwork": {
"description": "GTP Serving Network.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"GtpVersion": {
"description": "GTP version",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"0",
"1",
"2"
],
"ui-priority": 0
},
"PortDest": {
"description": "Destination port.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"PortSrc": {
"description": "Source port.",
"disable_correlation": true,
"misp-attribute": "port",
"ui-priority": 0
},
"first-seen": {
"description": "When the attack has been seen for the first time.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"ipDest": {
"description": "IP destination address.",
"misp-attribute": "ip-dst",
"ui-priority": 0
},
"ipSrc": {
"description": "IP source address.",
"misp-attribute": "ip-src",
"ui-priority": 0
},
"text": {
"description": "A description of the GTP attack.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
}
},
"description": "GTP attack object as attack as seen on the GTP signaling protocol supporting GPRS/LTE networks.",
"meta-category": "network",
"name": "gtp-attack",
"requiredOneOf": [
"text"
],
"uuid": "6b3c48d2-0ca6-4608-9c36-455105439145",
"version": 4
}