add icsnpp-s7comm parser support #99
Assignees
Labels
enhancement
New feature or request
external
Depends on a bug or feature external to this project
ics
Relating to ICS (Industrial Control Systems) devices
zeek
Relating to Malcolm's use of Zeek
Projects
Comments
mmguero
added
enhancement
|
Although it's not quite at feature parity with the amazon one yet, so I'll probably wait until it is. |
|
Done for next release. |
This was referenced Sep 7, 2022
mmguero
added a commit
that referenced
this issue
Sep 7, 2022
* New Features
* Support remote OpenSearch instance/cluster as alternative to local containerized instance (#110)
* Documentation and convenience scripts for configuring ingestion of third-party logs, and basic parsing/normalizing of Fluent-Bit's Windows event logs
* S7comm Plus support and replaced Amazon S7comm parser with icsnpp-s7comm (#99)
* Version Bumps
* OpenSearch and OpenSearch Dashboards to v2.2.1
* Zeek to v5.0.1
* Spicy to v1.5.1
* spicy-plugin to v1.3.17
* YARA to v4.2.3
* Capa to v4.0.1
* Improvements
* Major improvements to OPC UA Binary parser and supporting dashboards
* Ensure that all containers are provided the same information about trusted CA certificates
* changed list of "sensitive countries" to match U.S. Department of Energy Sensitive Country List
* Increased maximum fields from 3,000 to 5,000
* Standardized configuration and authentication for primary and secondary remote OpenSearch instances, and make sure that index templates are created on secondary remote OpenSearch instances
* Expand and fix normalization of [network.direction](https://www.elastic.co/guide/en/ecs/current/ecs-network.html#field-network-direction) in lieu of using tags
* Various tweaks and improvements to the `install.py` script for enabling/disabling some features
* Bugs Fixed
* fields could be missing in Arkime due to a large number of concurrent requests (#115)
* mapper_parsing_exception, TCP flag parsing problem (cisagov#214)
mmguero
added a commit
to cisagov/Malcolm
that referenced
this issue
Sep 7, 2022
* New Features
* Support remote OpenSearch instance/cluster as alternative to local containerized instance (idaholab#110)
* Documentation and convenience scripts for configuring ingestion of third-party logs, and basic parsing/normalizing of Fluent-Bit's Windows event logs
* S7comm Plus support and replaced Amazon S7comm parser with icsnpp-s7comm (idaholab#99)
* Version Bumps
* OpenSearch and OpenSearch Dashboards to v2.2.1
* Zeek to v5.0.1
* Spicy to v1.5.1
* spicy-plugin to v1.3.17
* YARA to v4.2.3
* Capa to v4.0.1
* Improvements
* Major improvements to OPC UA Binary parser and supporting dashboards
* Ensure that all containers are provided the same information about trusted CA certificates
* changed list of "sensitive countries" to match U.S. Department of Energy Sensitive Country List
* Increased maximum fields from 3,000 to 5,000
* Standardized configuration and authentication for primary and secondary remote OpenSearch instances, and make sure that index templates are created on secondary remote OpenSearch instances
* Expand and fix normalization of [network.direction](https://www.elastic.co/guide/en/ecs/current/ecs-network.html#field-network-direction) in lieu of using tags
* Various tweaks and improvements to the `install.py` script for enabling/disabling some features
* Bugs Fixed
* fields could be missing in Arkime due to a large number of concurrent requests (idaholab#115)
* mapper_parsing_exception, TCP flag parsing problem (#214)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/cisagov/icsnpp-s7comm
The text was updated successfully, but these errors were encountered: