policy/protocols/modbus/known-masters-slaves.zeek

Known

Script for tracking known Modbus masters and slaves.

Todo

This script needs a lot of work. What might be more interesting is to track master/slave relationships based on commands sent and successful (non-exception) responses.

Namespace: Known
Imports: base/protocols/modbus

Summary

State Variables

Known::modbus_nodes: set &create_expire = 1.0 day &redef
The Modbus nodes being tracked.

Redefinitions

Log::ID: enum

Events

Known::log_known_modbus: event
Event that can be handled to access the loggable record as it is sent on to the logging framework.

Detailed Interface

State Variables

Known::modbus_nodes
Type: set [addr, Known::ModbusDeviceType]
Attributes: &create_expire = 1.0 day &redef
Default: {}

The Modbus nodes being tracked.

Types

Known::ModbusDeviceType
Type: enum

Known::MODBUS_MASTER
Known::MODBUS_SLAVE

Known::ModbusInfo
Type: record

ts: time &log

The time the device was discovered.

host: addr &log

The IP address of the host.

device_type: Known::ModbusDeviceType &log

The type of device being tracked.

Events

Known::log_known_modbus
Type: event (rec: Known::ModbusInfo)

Event that can be handled to access the loggable record as it is sent on to the logging framework.
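
One way to use this event for monitoring, as an added example that is not part of the Zeek distribution: handle Known::log_known_modbus and raise a notice when a host is tracked as a Modbus master but is not on a site allow-list. The module name ModbusInventory, the notice type Unexpected_Master, the expected_masters option and its addresses are hypothetical.

```zeek
# Added example, not code from the Zeek distribution.
@load base/frameworks/notice
@load policy/protocols/modbus/known-masters-slaves

module ModbusInventory;

export {
	redef enum Notice::Type += {
		## A host outside the allow-list was tracked as a Modbus master.
		Unexpected_Master
	};

	## Hypothetical allow-list of hosts permitted to act as Modbus masters.
	## The addresses are constructed (documentation range); redef per site.
	option expected_masters: set[addr] = { 192.0.2.10, 192.0.2.11 };
}

event Known::log_known_modbus(rec: Known::ModbusInfo)
	{
	# Slaves are inventory only; this check concerns masters.
	if ( rec$device_type != Known::MODBUS_MASTER )
		return;

	# Expected engineering workstations and HMIs need no alert.
	if ( rec$host in expected_masters )
		return;

	# $identifier lets the notice framework suppress repeats per host.
	NOTICE([$note=Unexpected_Master,
	        $msg=fmt("%s tracked as a Modbus master but is not an expected master", rec$host),
	        $src=rec$host,
	        $identifier=cat(rec$host)]);
	}
```

Entries in Known::modbus_nodes carry &create_expire = 1.0 day, so a host that is still active after its entry expires can be tracked and reported again.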