
DINA-community

About the project

The aim of the Detection and Identification of Network Assets (DINA) project is to improve the information available about the active devices and their connections in industrial networks.

The central points for achieving this goal are:

  • connection to Malcolm,
  • cooperation with INL/CISA,
  • feedback from operators and
  • further development by the community.

To make this easier, the software is published under licenses such as Apache 2.0 or BSD.

In terms of content, the project has the following focal points, each of which is kept in its own repository:

The asset management tool Netbox serves as a user interface for capturing assets. The "Device Detection and Device Characterization" plugin is provided to enable the import of asset information from other sources (currently operator lists, Malcolm and experimental ML procedures) into Netbox. The information is standardized when it is assigned to the assets during the import process. The standardized information is an important step toward finding matches within other databases such as CSAF. Therefore, this feature will be improved and a CSAF-Handler will be the next step in the development.

The Asset Database repository (tbr*) provides tools for processing data from different sources and converting it into a JSON data format. This data format can be imported into Netbox. The functions include:

  • Processing of Malcolm data
  • Processing of PCAPs
  • Data enrichment using ML methods (experimental)
  • Data enrichment via heuristics (planned)
  • Processing of active queries (planned for the end of 2024)

(* The release date is still uncertain because of sudden and unexpected licensing issues with third-party libraries.)

There are not enough network parsers for industrial network protocols, and some of those parsers do not cover the entire range of functions of the network protocols. This leads to a loss of information in passive network recordings. Therefore, the aim is to support more industrial protocols and increase content coverage. An overview of parsers can be found in the repository OT-Parsers.

Active queries make it possible to collect significantly more information, and more targeted information, than passive network analysis does. Therefore, they should be carried out where this can be done safely and without interfering with the controls and processes. One way of doing this is to use Nmap scripts as presented in the repository OT-Nmap-scripts.

Popular repositories

  1. ot-parsers (Public)

    a collection of OT and ICS protocol parsers for Zeek

    Zeek 5 2

  2. ot-nmap-scripts (Public)

    a collection of NMAP NSE scripts for OT protocols

    Lua 4 1

  3. DDDC-Netbox-plugin (Public)

    The DDDC plugin for NetBox

    Python 1

  4. .github (Public)
