diff --git a/README.md b/README.md
index c80d2ba..84a820e 100644
--- a/README.md
+++ b/README.md
@@ -146,7 +146,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/dark-pattern-item](https://github.com/MISP/misp-objects/blob/main/objects/dark-pattern-item/definition.json) - An Item whose User Interface implements a dark pattern.
 - [objects/ddos](https://github.com/MISP/misp-objects/blob/main/objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy.
 - [objects/device](https://github.com/MISP/misp-objects/blob/main/objects/device/definition.json) - An object to define a device.
-- [objects/diameter-attack](https://github.com/MISP/misp-objects/blob/main/objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
+- [objects/diameter-attack](https://github.com/MISP/misp-objects/blob/main/objects/diameter-attack/definition.json) - Attack as seen on the diameter signaling protocol supporting LTE networks.
 - [objects/dkim](https://github.com/MISP/misp-objects/blob/main/objects/dkim/definition.json) - DomainKeys Identified Mail - DKIM.
 - [objects/dns-record](https://github.com/MISP/misp-objects/blob/main/objects/dns-record/definition.json) - A set of DNS records observed for a specific domain.
 - [objects/domain-crawled](https://github.com/MISP/misp-objects/blob/main/objects/domain-crawled/definition.json) - A domain crawled over time.
@@ -224,7 +224,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/git-vuln-finder](https://github.com/MISP/misp-objects/blob/main/objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
 - [objects/github-user](https://github.com/MISP/misp-objects/blob/main/objects/github-user/definition.json) - GitHub user.
 - [objects/gitlab-user](https://github.com/MISP/misp-objects/blob/main/objects/gitlab-user/definition.json) - GitLab user. Gitlab.com user or self-hosted GitLab instance.
-- [objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
+- [objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json) - GTP attack object as attack as seen on the GTP signaling protocol supporting GPRS/LTE networks.
 - [objects/hashlookup](https://github.com/MISP/misp-objects/blob/main/objects/hashlookup/definition.json) - hashlookup object as described on hashlookup services from circl.lu - https://www.circl.lu/services/hashlookup.
 - [objects/http-request](https://github.com/MISP/misp-objects/blob/main/objects/http-request/definition.json) - A single HTTP request header.
 - [objects/ilr-impact](https://github.com/MISP/misp-objects/blob/main/objects/ilr-impact/definition.json) - Institut Luxembourgeois de Regulation - Impact.
@@ -331,7 +331,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/shortened-link](https://github.com/MISP/misp-objects/blob/main/objects/shortened-link/definition.json) - Shortened link and its redirect target.
 - [objects/social-media-group](https://github.com/MISP/misp-objects/blob/main/objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel.
 - [objects/splunk](https://github.com/MISP/misp-objects/blob/main/objects/splunk/definition.json) - Splunk / Splunk ES object.
-- [objects/ss7-attack](https://github.com/MISP/misp-objects/blob/main/objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
+- [objects/ss7-attack](https://github.com/MISP/misp-objects/blob/main/objects/ss7-attack/definition.json) - SS7 object of an attack as seen on the SS7 signaling protocol supporting GSM/GPRS/UMTS networks.
 - [objects/ssh-authorized-keys](https://github.com/MISP/misp-objects/blob/main/objects/ssh-authorized-keys/definition.json) - An object to store ssh authorized keys file.
 - [objects/stix2-pattern](https://github.com/MISP/misp-objects/blob/main/objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
 - [objects/submarine](https://github.com/MISP/misp-objects/blob/main/objects/submarine/definition.json) - Submarine description.
diff --git a/objects/ss7-attack/definition.json b/objects/ss7-attack/definition.json
index fc9be03..2bad2c8 100644
--- a/objects/ss7-attack/definition.json
+++ b/objects/ss7-attack/definition.json
@@ -46,6 +46,53 @@
 "description": "MAP application context in OID format.",
 "disable_correlation": true,
 "misp-attribute": "text",
+ "sane_default": [
+ "4.0.0.1.0.1. - networkLocUp",
+ "4.0.0.1.0.2. - locationCancel",
+ "4.0.0.1.0.3. - roamingNbEnquiry",
+ "4.0.0.1.0.22. - subscriberDataModificationNotification",
+ "4.0.0.1.0.6. - callControlTransfer",
+ "4.0.0.1.0.16. - subscriberDataMngt",
+ "4.0.0.1.0.46. - vcsgLocationUpdate",
+ "4.0.0.1.0.15. - interVlrInfoRetrieval",
+ "4.0.0.1.0.18. - networkFunctionalSs",
+ "4.0.0.1.0.39. - authenticationFailureReport",
+ "4.0.0.1.0.44. - resourceMngt",
+ "4.0.0.1.0.41. - shortMsgMT_VGCS_Relay",
+ "4.0.0.1.0.5. - locInfoRetrieval",
+ "4.0.0.1.0.32. - gprsLocationUpdate",
+ "4.0.0.1.0.33. - gprsLocationInfoRetrieval",
+ "4.0.0.1.0.34. - failureReport",
+ "4.0.0.1.0.35. - gprsNotify",
+ "4.0.0.1.0.11. - handoverControl",
+ "4.0.0.1.0.12. - sIWFSAllocation",
+ "4.0.0.1.0.47. - vcsgLocationCancel",
+ "4.0.0.1.0.10. - reset",
+ "4.0.0.1.0.31. - groupCallControl",
+ "4.0.0.1.0.13. - equipmentMngt",
+ "4.0.0.1.0.25. - shortMsgMT_Relay",
+ "4.0.0.1.0.20. - shortMsgGateway",
+ "4.0.0.1.0.21. - shortMsgMO_Relay",
+ "4.0.0.1.0.24. - mwdMngt",
+ "4.0.0.1.0.23. - shortMsgAlert",
+ "4.0.0.1.0.17. - tracing",
+ "4.0.0.1.0.14. - infoRetrieval",
+ "4.0.0.1.0.26. - imsiRetrieval",
+ "4.0.0.1.0.19. - networkUnstructuredSs",
+ "4.0.0.1.0.43. - anyTimeInfoHandling",
+ "4.0.0.1.0.4. - istAlerting",
+ "4.0.0.1.0.27. - msPurging",
+ "4.0.0.1.0.28. - subscriberInfoEnquiry",
+ "4.0.0.1.0.29. - anyTimeEnquiry",
+ "4.0.0.1.0.36. - ss_InvocationNotification",
+ "4.0.0.1.0.7. - reporting",
+ "4.0.0.1.0.8. - callCompletion",
+ "4.0.0.1.0.38. - locationSvcEnquiry",
+ "4.0.0.1.0.45. - groupCallInfoRetrieval",
+ "4.0.0.1.0.37. - locationSvcGateway",
+ "4.0.0.1.0.9. - ServiceTermination",
+ "4.0.0.1.0.42. - mm_EventReporting"
+ ],
 "ui-priority": 0
 },
 "MapGmlc": {
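Review bot: The added `sane_default` values are not OIDs, although the attribute's description in the context lines just above says "MAP application context in OID format": each entry, e.g. `4.0.0.1.0.1. - networkLocUp`, ends in a dot and carries a ` - name` suffix inside the same string. Anything that compares this attribute with the application-context OID decoded from a capture or a signalling-firewall log needs an exact string and will presumably miss; the full OID also appears to start with `0.` and end with a version arc, which is worth checking against the MAP specification. The same value/description mismatch applies to the opcode list in the next hunk ("Decimal value between 0-99" versus `updateLocation - 2`). I would either keep the machine-readable value bare or state the convention in the description, e.g. `"description": "MAP application context as '<OID prefix> - <name>'.",`. The attribute's object starts above this hunk.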
@@ -79,6 +126,90 @@
 "description": "MAP operation codes - Decimal value between 0-99.",
 "disable_correlation": true,
 "misp-attribute": "text",
+ "sane_default": [
+ "updateLocation - 2",
+ "cancelLocation - 3",
+ "provideRoamingNumber - 4",
+ "noteSubscriberDataModified - 5",
+ "resumeCallHandling - 6",
+ "insertSubscriberData - 7",
+ "deleteSubscriberData - 8",
+ "sendParameters - 9",
+ "registerSS - 10",
+ "eraseSS - 11",
+ "activateSS - 12",
+ "deactivateSS - 13",
+ "interrogateSS - 14",
+ "authenticationFailureReport - 15",
+ "registerPassword - 17",
+ "getPassword - 18",
+ "processUnstructuredSS_Data - 19",
+ "releaseResources - 20",
+ "mt_ForwardSM_VGCS - 21",
+ "sendRoutingInfo - 22",
+ "updateGprsLocation - 23",
+ "sendRoutingInfoForGprs - 24",
+ "failureReport - 25",
+ "noteMsPresentForGprs - 26",
+ "performHandover - 28",
+ "sendEndSignal - 29",
+ "performSubsequentHandover - 30",
+ "provideSIWFSNumber - 31",
+ "siwfs_SignallingModify - 32",
+ "processAccessSignalling - 33",
+ "forwardAccessSignalling - 34",
+ "noteInternalHandover - 35",
+ "cancelVcsgLocation - 36",
+ "reset_ - 37",
+ "forwardCheckSsIndication - 38",
+ "prepareGroupCall - 39",
+ "sendGroupCallEndSignal - 40",
+ "processGroupCallSignalling - 41",
+ "forwardGroupCallSignalling - 42",
+ "checkIMEI - 43",
+ "mt_forwardSM - 44",
+ "sendRoutingInfoForSM - 45",
+ "mo_forwardSM - 46",
+ "forwardSM - 46",
+ "reportSmDeliveryStatus - 47",
+ "noteSubscriberPresent - 48",
+ "alertServiceCentreWithoutResult - 49",
+ "activateTraceMode - 50",
+ "deactivateTraceMode - 51",
+ "traceSubscriberActivity - 52",
+ "updateVcsgLocation - 53",
+ "beginSubscriberActivity - 54",
+ "sendIdentification - 55",
+ "sendAuthenticationInfo - 56",
+ "restoreData - 57",
+ "sendIMSI - 58",
+ "processUnstructuredSS_Request - 59",
+ "unstructuredSS_Request - 60",
+ "unstructuredSS_Notify - 61",
+ "anyTimeSubscriptionInterrogation - 62",
+ "informServiceCentre - 63",
+ "alertServiceCentre - 64",
+ "anyTimeModification - 65",
+ "readyForSM - 66",
+ "purgeMS - 67",
+ "prepareHandover - 68",
+ "prepareSubsequentHandover - 69",
+ "provideSubscriberInfo - 70",
+ "anyTimeInterrogation - 71",
+ "ss_Invocation_Notification - 72",
+ "setReportingState - 73",
+ "statusReport - 74",
+ "remoteUserFree - 75",
+ "registerCC_Entry - 76",
+ "eraseCC_Entry - 77",
+ "provideSubscriberLocation - 83",
+ "sendGroupCallInfo - 84",
+ "sendRoutingInfoForLCS - 85",
+ "subscriberLocationReport - 86",
+ "istAlert - 87",
+ "istCommand - 88",
+ "NoteMM_Event - 89"
+ ],
 "ui-priority": 0
 },
 "MapSmsTP-DCS": {
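Review bot: The opcode entries put the name before the code (`updateLocation - 2`), the reverse of the `OID - name` order used by the application-context list in the previous hunk of this file, so the two lists need different parsing to recover the machine-readable part. `mo_forwardSM - 46` and `forwardSM - 46` also share one code, which means two different strings can be stored for the same opcode. Putting the code first throughout, e.g. `"46 - mo_forwardSM"`, would keep the lists consistent and let a match on the leading code find an opcode regardless of the label chosen. No `version` change for this template is visible in the hunks shown here; if MISP instances pick up template changes by version, as I understand they do, confirm the bump is part of the commit.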