policy/protocols/modbus/track-memmap.zeek¶
- Modbus¶
This script tracks the memory map of holding (read/write) registers and logs changes as they are discovered.
Todo
Not all register read and write functions are supported yet.
- Namespace
Modbus
- Imports
Summary¶
Runtime Options¶
The hosts that should have memory mapping enabled. |
State Variables¶
The memory map of slaves is tracked with this variable. |
Types¶
Indexed on the device register value and yielding the register value. |
Redefinitions¶
|
Events¶
This event is generated every time a register is seen to be different than it was previously seen to be. |
Hooks¶
Detailed Interface¶
Runtime Options¶
- Modbus::track_memmap¶
-
The hosts that should have memory mapping enabled.
State Variables¶
- Modbus::device_registers¶
- Type
table
[addr
] ofModbus::Registers
- Default
{}
The memory map of slaves is tracked with this variable.
Types¶
- Modbus::MemmapInfo¶
- Type
-
- ts:
time
&log
Timestamp for the detected register change.
- uid:
string
&log
Unique ID for the connection.
- id:
conn_id
&log
Connection ID.
- register:
count
&log
The device memory offset.
- old_val:
count
&log
The old value stored in the register.
- new_val:
count
&log
The new value stored in the register.
- delta:
interval
&log
The time delta between when the old_val and new_val were seen.
- ts:
- Modbus::Registers¶
- Type
Indexed on the device register value and yielding the register value.
Events¶
- Modbus::changed_register¶
-
This event is generated every time a register is seen to be different than it was previously seen to be.