policy/protocols/modbus/known-masters-slaves.zeek

Script for tracking known Modbus masters and slaves.

Todo

This script needs a lot of work. What might be more interesting is to track master/slave relationships based on commands sent and successful (non-exception) responses.

Namespace

Known

Imports

base/protocols/modbus

Summary

State Variables

Known::modbus_nodes: set &create_expire = 1.0 day &redef

The Modbus nodes being tracked.

Types

Known::ModbusDeviceType: enum

Known::ModbusInfo: record

Redefinitions

Log::ID: enum

Events

Known::log_known_modbus: event

Event that can be handled to access the loggable record as it is sent on to the logging framework.

Hooks

Known::log_policy_modbus: Log::PolicyHook

Detailed Interface

State Variables

Known::modbus_nodes

Type

set [addr, Known::ModbusDeviceType]

Attributes

&create_expire = 1.0 day &redef

Default

{}

The Modbus nodes being tracked.

Types

Known::ModbusDeviceType

Type

enum

Known::MODBUS_MASTER

Known::MODBUS_SLAVE

Known::ModbusInfo

Type

record
ts: time &log

The time the device was discovered.

host: addr &log

The IP address of the host.

device_type: Known::ModbusDeviceType &log

The type of device being tracked.

Events

Known::log_known_modbus

Type

event (rec: Known::ModbusInfo)

Event that can be handled to access the loggable record as it is sent on to the logging framework.

Hooks

Known::log_policy_modbus

Type

Log::PolicyHook
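
One way to use this interface for detection, as an added example that is not part of the Zeek distribution: handle Known::log_known_modbus and raise a notice when a host outside an allowlist is recorded as a Modbus master. The module name ModbusWatch, the notice type Unexpected_Master, and the expected_masters set with its addresses are assumptions made up for this example.

```zeek
@load base/frameworks/notice
@load policy/protocols/modbus/known-masters-slaves

# Hypothetical module name, used only for this example.
module ModbusWatch;

export {
	redef enum Notice::Type += {
		## A host that is not in expected_masters was logged as a Modbus master.
		Unexpected_Master,
	};

	## Constructed sample allowlist (documentation addresses); replace with
	## the site's real HMIs and engineering workstations.
	const expected_masters: set[addr] = { 192.0.2.10, 192.0.2.11 } &redef;
}

event Known::log_known_modbus(rec: Known::ModbusInfo)
	{
	# Only masters are checked here; slaves are recorded by the policy script
	# but are not part of this check.
	if ( rec$device_type != Known::MODBUS_MASTER )
		return;

	if ( rec$host in expected_masters )
		return;

	# Known::modbus_nodes uses &create_expire = 1.0 day, so the same host can
	# be logged again once its entry expires. The suppression window below is
	# set to match, so a persistent unexpected master yields about one notice
	# per day instead of one per rediscovery.
	NOTICE([$note=Unexpected_Master,
	        $msg=fmt("Host %s recorded as a new Modbus master", rec$host),
	        $src=rec$host,
	        $identifier=cat(rec$host),
	        $suppress_for=1day]);
	}
```

Because the script classifies a host as a master or slave from observed Modbus traffic rather than from validated command/response pairs (see the Todo above), treat the notice as a prompt to inspect modbus.log for that host, not as proof of an unauthorized controller.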