Skip to content

Latest commit

 

History

History
executable file
·
45 lines (37 loc) · 2.33 KB

README.md

File metadata and controls

executable file
·
45 lines (37 loc) · 2.33 KB

ICSNPP

Industrial Control Systems Network Protocol Parsers (ICSNPP)

Industrial Control Systems protocol parsers plugins for the Zeek network security monitoring framework. Currently we have seven fully developed protocol parsers and two extension scripts. If there are any other ICS protocol parsers you would like to see, please let us know via GitHub issue!

ICSNPP Packages

All ICSNPP Packages:

Full ICS Protocol Parsers:

  • BACnet
    • Full Zeek protocol parser for BACnet (Building Control and Automation)
  • BSAP
    • Full Zeek protocol parser for BSAP (Bristol Standard Asynchronous Protocol) over IP
    • Full Zeek protocol parser for BSAP Serial comm converted using serial tap device
  • Ethercat
    • Full Zeek protocol parser for Ethercat
  • Ethernet/IP and CIP
    • Full Zeek protocol parser for Ethernet/IP and CIP
  • GE-SRTP
    • Zeek protocol parser for GE-SRTP
  • Genisys
    • Full Zeek protocol parser for Genisys
  • HART-IP
    • Zeek protocol parser for HART-IP
  • OPCUA-Binary
    • Full Zeek protocol parser for OPC UA (OPC Unified Architecture) - Binary
  • S7Comm
    • Full Zeek protocol parser for S7comm, S7comm-plus, and COTP
  • Synchrophasor
    • Full Zeek protocol parser for Synchrophasor Data Transfer for Power Systems (C37.118)
  • Profinet IO CM
    • Full Zeek protocol parser for Profinet I/O Context Manager

Updates to Zeek ICS Protocol Parsers:

  • DNP3
    • DNP3 Zeek script extending logging capabilities of Zeek's default DNP3 protocol parser
  • Modbus
    • Modbus Zeek script extending logging capabilities of Zeek's default Modbus protocol parser

License

Copyright 2023 Battelle Energy Alliance, LLC. Released under the terms of the 3-Clause BSD License (see LICENSE.txt).