Merge pull request #343 from yodresh/master

Update SS7 object & description of telecom objects in the Readme

README.md

@@ -146,7 +146,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/dark-pattern-item](https://github.com/MISP/misp-objects/blob/main/objects/dark-pattern-item/definition.json) - An Item whose User Interface implements a dark pattern.
 - [objects/ddos](https://github.com/MISP/misp-objects/blob/main/objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy.
 - [objects/device](https://github.com/MISP/misp-objects/blob/main/objects/device/definition.json) - An object to define a device.
-- [objects/diameter-attack](https://github.com/MISP/misp-objects/blob/main/objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
+- [objects/diameter-attack](https://github.com/MISP/misp-objects/blob/main/objects/diameter-attack/definition.json) - Attack as seen on the diameter signaling protocol supporting LTE networks.
 - [objects/dkim](https://github.com/MISP/misp-objects/blob/main/objects/dkim/definition.json) - DomainKeys Identified Mail - DKIM.
 - [objects/dns-record](https://github.com/MISP/misp-objects/blob/main/objects/dns-record/definition.json) - A set of DNS records observed for a specific domain.
 - [objects/domain-crawled](https://github.com/MISP/misp-objects/blob/main/objects/domain-crawled/definition.json) - A domain crawled over time.
@@ -224,7 +224,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/git-vuln-finder](https://github.com/MISP/misp-objects/blob/main/objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
 - [objects/github-user](https://github.com/MISP/misp-objects/blob/main/objects/github-user/definition.json) - GitHub user.
 - [objects/gitlab-user](https://github.com/MISP/misp-objects/blob/main/objects/gitlab-user/definition.json) - GitLab user. Gitlab.com user or self-hosted GitLab instance.
-- [objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
+- [objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json) - GTP attack object as attack as seen on the GTP signaling protocol supporting GPRS/LTE networks.
 - [objects/hashlookup](https://github.com/MISP/misp-objects/blob/main/objects/hashlookup/definition.json) - hashlookup object as described on hashlookup services from circl.lu - https://www.circl.lu/services/hashlookup.
 - [objects/http-request](https://github.com/MISP/misp-objects/blob/main/objects/http-request/definition.json) - A single HTTP request header.
 - [objects/ilr-impact](https://github.com/MISP/misp-objects/blob/main/objects/ilr-impact/definition.json) - Institut Luxembourgeois de Regulation - Impact.
@@ -331,7 +331,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/shortened-link](https://github.com/MISP/misp-objects/blob/main/objects/shortened-link/definition.json) - Shortened link and its redirect target.
 - [objects/social-media-group](https://github.com/MISP/misp-objects/blob/main/objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel.
 - [objects/splunk](https://github.com/MISP/misp-objects/blob/main/objects/splunk/definition.json) - Splunk / Splunk ES object.
-- [objects/ss7-attack](https://github.com/MISP/misp-objects/blob/main/objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
+- [objects/ss7-attack](https://github.com/MISP/misp-objects/blob/main/objects/ss7-attack/definition.json) - SS7 object of an attack as seen on the SS7 signaling protocol supporting GSM/GPRS/UMTS networks.
 - [objects/ssh-authorized-keys](https://github.com/MISP/misp-objects/blob/main/objects/ssh-authorized-keys/definition.json) - An object to store ssh authorized keys file.
 - [objects/stix2-pattern](https://github.com/MISP/misp-objects/blob/main/objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
 - [objects/submarine](https://github.com/MISP/misp-objects/blob/main/objects/submarine/definition.json) - Submarine description.

objects/ss7-attack/definition.json

@@ -46,6 +46,53 @@
       "description": "MAP application context in OID format.",
       "disable_correlation": true,
       "misp-attribute": "text",
+      "sane_default": [
+        "4.0.0.1.0.1. - networkLocUp",
+        "4.0.0.1.0.2. - locationCancel",
+        "4.0.0.1.0.3. - roamingNbEnquiry",
+        "4.0.0.1.0.22. - subscriberDataModificationNotification",
+        "4.0.0.1.0.6. - callControlTransfer",
+        "4.0.0.1.0.16. - subscriberDataMngt",
+        "4.0.0.1.0.46. - vcsgLocationUpdate",
+        "4.0.0.1.0.15. - interVlrInfoRetrieval",
+        "4.0.0.1.0.18. - networkFunctionalSs",
+        "4.0.0.1.0.39. - authenticationFailureReport",
+        "4.0.0.1.0.44. - resourceMngt",
+        "4.0.0.1.0.41. - shortMsgMT_VGCS_Relay",
+        "4.0.0.1.0.5. - locInfoRetrieval",
+        "4.0.0.1.0.32. - gprsLocationUpdate",
+        "4.0.0.1.0.33. - gprsLocationInfoRetrieval",
+        "4.0.0.1.0.34. - failureReport",
+        "4.0.0.1.0.35. - gprsNotify",
+        "4.0.0.1.0.11. - handoverControl",
+        "4.0.0.1.0.12. - sIWFSAllocation",
+        "4.0.0.1.0.47. - vcsgLocationCancel",
+        "4.0.0.1.0.10. - reset",
+        "4.0.0.1.0.31. - groupCallControl",
+        "4.0.0.1.0.13. - equipmentMngt",
+        "4.0.0.1.0.25. - shortMsgMT_Relay",
+        "4.0.0.1.0.20. - shortMsgGateway",
+        "4.0.0.1.0.21. - shortMsgMO_Relay",
+        "4.0.0.1.0.24. - mwdMngt",
+        "4.0.0.1.0.23. - shortMsgAlert",
+        "4.0.0.1.0.17. - tracing",
+        "4.0.0.1.0.14. - infoRetrieval",
+        "4.0.0.1.0.26. - imsiRetrieval",
+        "4.0.0.1.0.19. - networkUnstructuredSs",
+        "4.0.0.1.0.43. - anyTimeInfoHandling",
+        "4.0.0.1.0.4. - istAlerting",
+        "4.0.0.1.0.27. - msPurging",
+        "4.0.0.1.0.28. - subscriberInfoEnquiry",
+        "4.0.0.1.0.29. - anyTimeEnquiry",
+        "4.0.0.1.0.36. - ss_InvocationNotification",
+        "4.0.0.1.0.7. - reporting",
+        "4.0.0.1.0.8. - callCompletion",
+        "4.0.0.1.0.38. - locationSvcEnquiry",
+        "4.0.0.1.0.45. - groupCallInfoRetrieval",
+        "4.0.0.1.0.37. - locationSvcGateway",
+        "4.0.0.1.0.9. - ServiceTermination",
+        "4.0.0.1.0.42. - mm_EventReporting"
+      ],
       "ui-priority": 0
     },
     "MapGmlc": {
@@ -79,6 +126,90 @@
       "description": "MAP operation codes - Decimal value between 0-99.",
       "disable_correlation": true,
       "misp-attribute": "text",
+      "sane_default": [
+        "updateLocation - 2",
+        "cancelLocation - 3",
+        "provideRoamingNumber - 4",
+        "noteSubscriberDataModified - 5",
+        "resumeCallHandling - 6",
+        "insertSubscriberData - 7",
+        "deleteSubscriberData - 8",
+        "sendParameters - 9",
+        "registerSS - 10",
+        "eraseSS - 11",
+        "activateSS - 12",
+        "deactivateSS - 13",
+        "interrogateSS - 14",
+        "authenticationFailureReport - 15",
+        "registerPassword - 17",
+        "getPassword - 18",
+        "processUnstructuredSS_Data - 19",
+        "releaseResources - 20",
+        "mt_ForwardSM_VGCS - 21",
+        "sendRoutingInfo - 22",
+        "updateGprsLocation - 23",
+        "sendRoutingInfoForGprs - 24",
+        "failureReport - 25",
+        "noteMsPresentForGprs - 26",
+        "performHandover - 28",
+        "sendEndSignal - 29",
+        "performSubsequentHandover - 30",
+        "provideSIWFSNumber - 31",
+        "siwfs_SignallingModify - 32",
+        "processAccessSignalling - 33",
+        "forwardAccessSignalling - 34",
+        "noteInternalHandover - 35",
+        "cancelVcsgLocation - 36",
+        "reset_ - 37",
+        "forwardCheckSsIndication - 38",
+        "prepareGroupCall - 39",
+        "sendGroupCallEndSignal - 40",
+        "processGroupCallSignalling - 41",
+        "forwardGroupCallSignalling - 42",
+        "checkIMEI - 43",
+        "mt_forwardSM - 44",
+        "sendRoutingInfoForSM - 45",
+        "mo_forwardSM - 46",
+        "forwardSM - 46",
+        "reportSmDeliveryStatus - 47",
+        "noteSubscriberPresent - 48",
+        "alertServiceCentreWithoutResult - 49",
+        "activateTraceMode - 50",
+        "deactivateTraceMode - 51",
+        "traceSubscriberActivity - 52",
+        "updateVcsgLocation - 53",
+        "beginSubscriberActivity - 54",
+        "sendIdentification - 55",
+        "sendAuthenticationInfo - 56",
+        "restoreData - 57",
+        "sendIMSI - 58",
+        "processUnstructuredSS_Request - 59",
+        "unstructuredSS_Request - 60",
+        "unstructuredSS_Notify - 61",
+        "anyTimeSubscriptionInterrogation - 62",
+        "informServiceCentre - 63",
+        "alertServiceCentre - 64",
+        "anyTimeModification - 65",
+        "readyForSM - 66",
+        "purgeMS - 67",
+        "prepareHandover - 68",
+        "prepareSubsequentHandover - 69",
+        "provideSubscriberInfo - 70",
+        "anyTimeInterrogation - 71",
+        "ss_Invocation_Notification - 72",
+        "setReportingState - 73",
+        "statusReport - 74",
+        "remoteUserFree - 75",
+        "registerCC_Entry - 76",
+        "eraseCC_Entry - 77",
+        "provideSubscriberLocation - 83",
+        "sendGroupCallInfo - 84",
+        "sendRoutingInfoForLCS - 85",
+        "subscriberLocationReport - 86",
+        "istAlert - 87",
+        "istCommand - 88",
+        "NoteMM_Event - 89"
+      ],
       "ui-priority": 0
     },
     "MapSmsTP-DCS": {