known-masters-slaves.zeek¶

Known¶

Script for tracking known Modbus masters and slaves.

Todo

This script needs a lot of work. What might be more interesting is to track master/slave relationships based on commands sent and successful (non-exception) responses.

Namespace:	Known
Imports:	base/protocols/modbus

Summary¶

State Variables¶

Known::modbus_nodes: set &create_expire = 1.0 day &redef The Modbus nodes being tracked.

Types¶

`Known::ModbusDeviceType`: `enum`
`Known::ModbusInfo`: `record`

Redefinitions¶

Log::ID: enum

Events¶

Known::log_known_modbus: event Event that can be handled to access the loggable record as it is sent on to the logging framework.

Detailed Interface¶

State Variables¶

Known::modbus_nodes¶

Type:	`set` [`addr`, `Known::ModbusDeviceType`]
Attributes:	`&create_expire` = `1.0 day` `&redef`
Default:	`{}`

The Modbus nodes being tracked.

Types¶

Known::ModbusDeviceType¶

Type:

enum

Known::MODBUS_MASTER¶

Known::MODBUS_SLAVE¶

Known::ModbusInfo¶

Type:

record

ts: time &log: The time the device was discovered.
host: addr &log: The IP address of the host.
device_type: Known::ModbusDeviceType &log: The type of device being tracked.

Events¶

Known::log_known_modbus¶

Type:	`event` (rec: `Known::ModbusInfo`)

Event that can be handled to access the loggable record as it is sent on to the logging framework.