forked from cisagov/Malcolm
add icsnpp-s7comm parser support #99
Labels:
* enhancement (New feature or request)
* external (Depends on a bug or feature external to this project)
* ics (Relating to ICS (Industrial Control Systems) devices)
* zeek (Relating to Malcolm's use of Zeek)
Comments

mmguero added the enhancement, external, ics and zeek labels on May 9, 2022
Although it's not quite at feature parity with the amazon one yet, so I'll probably wait until it is.

Done for next release.
This was referenced Sep 7, 2022
mmguero added a commit that referenced this issue on Sep 7, 2022:

* New Features
  * Support remote OpenSearch instance/cluster as alternative to local containerized instance (#110)
  * Documentation and convenience scripts for configuring ingestion of third-party logs, and basic parsing/normalizing of Fluent-Bit's Windows event logs
  * S7comm Plus support and replaced Amazon S7comm parser with icsnpp-s7comm (#99)
* Version Bumps
  * OpenSearch and OpenSearch Dashboards to v2.2.1
  * Zeek to v5.0.1
  * Spicy to v1.5.1
  * spicy-plugin to v1.3.17
  * YARA to v4.2.3
  * Capa to v4.0.1
* Improvements
  * Major improvements to OPC UA Binary parser and supporting dashboards
  * Ensure that all containers are provided the same information about trusted CA certificates
  * changed list of "sensitive countries" to match U.S. Department of Energy Sensitive Country List
  * Increased maximum fields from 3,000 to 5,000
  * Standardized configuration and authentication for primary and secondary remote OpenSearch instances, and make sure that index templates are created on secondary remote OpenSearch instances
  * Expand and fix normalization of [network.direction](https://www.elastic.co/guide/en/ecs/current/ecs-network.html#field-network-direction) in lieu of using tags
  * Various tweaks and improvements to the `install.py` script for enabling/disabling some features
* Bugs Fixed
  * fields could be missing in Arkime due to a large number of concurrent requests (#115)
  * mapper_parsing_exception, TCP flag parsing problem (cisagov#214)
mmguero added a commit to cisagov/Malcolm that referenced this issue on Sep 7, 2022:

* New Features
  * Support remote OpenSearch instance/cluster as alternative to local containerized instance (idaholab#110)
  * Documentation and convenience scripts for configuring ingestion of third-party logs, and basic parsing/normalizing of Fluent-Bit's Windows event logs
  * S7comm Plus support and replaced Amazon S7comm parser with icsnpp-s7comm (idaholab#99)
* Version Bumps
  * OpenSearch and OpenSearch Dashboards to v2.2.1
  * Zeek to v5.0.1
  * Spicy to v1.5.1
  * spicy-plugin to v1.3.17
  * YARA to v4.2.3
  * Capa to v4.0.1
* Improvements
  * Major improvements to OPC UA Binary parser and supporting dashboards
  * Ensure that all containers are provided the same information about trusted CA certificates
  * changed list of "sensitive countries" to match U.S. Department of Energy Sensitive Country List
  * Increased maximum fields from 3,000 to 5,000
  * Standardized configuration and authentication for primary and secondary remote OpenSearch instances, and make sure that index templates are created on secondary remote OpenSearch instances
  * Expand and fix normalization of [network.direction](https://www.elastic.co/guide/en/ecs/current/ecs-network.html#field-network-direction) in lieu of using tags
  * Various tweaks and improvements to the `install.py` script for enabling/disabling some features
* Bugs Fixed
  * fields could be missing in Arkime due to a large number of concurrent requests (idaholab#115)
  * mapper_parsing_exception, TCP flag parsing problem (#214)
https://github.com/cisagov/icsnpp-s7comm