known-masters-slaves.zeek¶

Known¶

Script for tracking known Modbus masters and slaves.

Todo

This script needs a lot of work. What might be more interesting is to track master/slave relationships based on commands sent and successful (non-exception) responses.

Namespace: Known
Imports: base/protocols/modbus

Summary¶

State Variables¶

Known::modbus_nodes: set &create_expire = 1.0 day &redef

The Modbus nodes being tracked.

Types¶

`Known::ModbusDeviceType`: `enum`
`Known::ModbusInfo`: `record`

Redefinitions¶

Log::ID: enum

Known::MODBUS_LOG

Events¶

Known::log_known_modbus: event

Event that can be handled to access the loggable record as it is sent on to the logging framework.

Hooks¶

Known::log_policy_modbus: Log::PolicyHook

Detailed Interface¶

State Variables¶

Known::modbus_nodes ¶

Type: set [addr, Known::ModbusDeviceType]
Attributes: &create_expire = 1.0 day &redef
Default: {}

The Modbus nodes being tracked.

Types¶

Known::ModbusDeviceType ¶

Type

enum

Known::MODBUS_MASTER¶

Known::MODBUS_SLAVE¶

Known::ModbusInfo ¶

Type

record

ts: time &log: The time the device was discovered.
host: addr &log: The IP address of the host.
device_type: Known::ModbusDeviceType &log: The type of device being tracked.

Events¶

Known::log_known_modbus ¶

Type: event (rec: Known::ModbusInfo)

Event that can be handled to access the loggable record as it is sent on to the logging framework.

Hooks¶

Known::log_policy_modbus ¶

Type: Log::PolicyHook