Skip to content

Commit

Permalink
Merge branch 'development' of https://github.com/mmguero-dev/Malcolm
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmguero
mmguero committed Jul 20, 2023
2 parents 432a90a + c5c772b commit 704ac79
Show file tree
Hide file tree
Showing 39 changed files with 302 additions and 262 deletions.
9 changes: 5 additions & 4 deletions arkime/etc/config.ini
View file
Original file line number Diff line number Diff line change
Expand Up @@ -674,11 +674,12 @@ zeek.login.client_user=db:zeek.login.client_user;group:zeek_login;kind:termfield
# https://docs.zeek.org/en/stable/scripts/base/protocols/modbus/main.zeek.html#type-Modbus::Info
zeek.modbus.func=db:zeek.modbus.func;group:zeek_modbus;kind:termfield;friendly:Function;help:Function
zeek.modbus.exception=db:zeek.modbus.exception;group:zeek_modbus;kind:termfield;friendly:Exception;help:Exception
zeek.modbus.unit_id=db:zeek.modbus.unit_id;group:zeek_modbus;kind:integer;friendly:Unit/Server ID;help:Unit/Server ID
zeek.modbus.trans_id=db:zeek.modbus.trans_id;group:zeek_modbus;kind:integer;friendly:Transaction ID;help:Transaction ID
zeek.modbus.network_direction=db:zeek.modbus.network_direction;group:zeek_modbus;kind:termfield;friendly:PDU Type;help:Request or Response

# modbus_detailed.log
# https://github.com/cisagov/ICSNPP
zeek.modbus_detailed.unit_id=db:zeek.modbus_detailed.unit_id;group:zeek_modbus;kind:integer;friendly:Unit/Server ID;help:Unit/Server ID
zeek.modbus_detailed.network_direction=db:zeek.modbus_detailed.network_direction;group:zeek_modbus;kind:termfield;friendly:Request or Response;help:Request or Response
zeek.modbus_detailed.address=db:zeek.modbus_detailed.address;group:zeek_modbus;kind:integer;friendly:Starting Memory Address;help:Starting Memory Address
zeek.modbus_detailed.quantity=db:zeek.modbus_detailed.quantity;group:zeek_modbus;kind:integer;friendly:Number of Values;help:Number of Values
zeek.modbus_detailed.values=db:zeek.modbus_detailed.values;group:zeek_modbus;kind:termfield;friendly:Values;help:Values
Expand Down Expand Up @@ -2601,8 +2602,8 @@ o_zeek_known_modbus=require:zeek.known_modbus;title:Zeek zeek.known_modbus.log;f
o_zeek_ldap=require:zeek.ldap;title:Zeek ldap.log;fields:zeek.ldap.message_id,zeek.ldap.version,zeek.ldap.operation,zeek.ldap.result_code,zeek.ldap.result_message,zeek.ldap.object,zeek.ldap.argument
o_zeek_ldap_search=require:zeek.ldap_search;title:Zeek ldap_search.log;fields:zeek.ldap_search.message_id,zeek.ldap_search.filter,zeek.ldap_search.attributes,zeek.ldap_search.scope,zeek.ldap_search.deref,zeek.ldap_search.base_object,zeek.ldap_search.result_count,zeek.ldap_search.result_code,zeek.ldap_search.result_message
o_zeek_login=require:zeek.login;title:Zeek login.log;fields:zeek.login.client_user,zeek.login.confused,zeek.login.success
o_zeek_modbus=require:zeek.modbus;title:Zeek modbus.log;fields:zeek.modbus.func,zeek.modbus.exception
o_zeek_modbus_detailed=require:zeek.modbus_detailed;title:Zeek modbus_detailed.log;fields:zeek.modbus_detailed.unit_id,zeek.modbus.func,zeek.modbus_detailed.network_direction,zeek.modbus_detailed.address,zeek.modbus_detailed.quantity,zeek.modbus_detailed.values
o_zeek_modbus=require:zeek.modbus;title:Zeek modbus.log;fields:zeek.modbus.trans_id,zeek.modbus.unit_id,zeek.modbus.network_direction,zeek.modbus.func,zeek.modbus.exception
o_zeek_modbus_detailed=require:zeek.modbus_detailed;title:Zeek modbus_detailed.log;fields:zeek.modbus.unit_id,zeek.modbus.func,zeek.modbus.network_direction,zeek.modbus_detailed.address,zeek.modbus_detailed.quantity,zeek.modbus_detailed.values
o_zeek_modbus_mask_write_register=require:zeek.modbus_mask_write_register;title:Zeek modbus_mask_write_register.log;fields:zeek.modbus_detailed.unit_id,zeek.modbus.func,zeek.modbus_detailed.network_direction,zeek.modbus_detailed.address,zeek.modbus_mask_write_register.and_mask,zeek.modbus_mask_write_register.or_mask
o_zeek_modbus_read_write_multiple_registers=require:zeek.modbus_read_write_multiple_registers;title:Zeek modbus_read_write_multiple_registers.log;fields:zeek.modbus_detailed.unit_id,zeek.modbus.func,zeek.modbus_detailed.network_direction,zeek.modbus_read_write_multiple_registers.write_start_address,zeek.modbus_read_write_multiple_registers.write_registers,zeek.modbus_read_write_multiple_registers.read_start_address,zeek.modbus_read_write_multiple_registers.read_quantity,zeek.modbus_read_write_multiple_registers.read_registers
o_zeek_mqtt_connect=require:zeek.mqtt_connect;title:Zeek mqtt_connect.log;fields:zeek.mqtt_connect.proto_name,zeek.mqtt_connect.proto_version,zeek.mqtt_connect.client_id,zeek.mqtt_connect.connect_status,zeek.mqtt_connect.will_topic,zeek.mqtt_connect.will_payload
Expand Down
5 changes: 3 additions & 2 deletions arkime/wise/source.zeeklogs.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1116,10 +1116,11 @@ class MalcolmSource extends WISESource {
"zeek.login.success",
"zeek.modbus.exception",
"zeek.modbus.func",
"zeek.modbus.network_direction",
"zeek.modbus.trans_id",
"zeek.modbus.unit_id",
"zeek.modbus_detailed.address",
"zeek.modbus_detailed.network_direction",
"zeek.modbus_detailed.quantity",
"zeek.modbus_detailed.unit_id",
"zeek.modbus_detailed.values",
"zeek.modbus_mask_write_register.and_mask",
"zeek.modbus_mask_write_register.or_mask",
Expand Down
Loading

0 comments on commit 704ac79

Please sign in to comment.