policy/protocols/modbus/known-masters-slaves.bro

Known

Script for tracking known Modbus masters and slaves.

Todo

This script needs a lot of work. What might be more interesting is to track master/slave relationships based on commands sent and successful (non-exception) responses.

Namespace: Known
Imports: base/protocols/modbus
Source File: /scripts/policy/protocols/modbus/known-masters-slaves.bro

Summary

State Variables

Known::modbus_nodes: set &create_expire = 1.0 day &redef
The Modbus nodes being tracked.

Redefinitions

Log::ID: enum  

Events

Known::log_known_modbus: event
Event that can be handled to access the loggable record as it is sent on to the logging framework.

Detailed Interface

State Variables

Known::modbus_nodes
Type: set [addr, Known::ModbusDeviceType]
Attributes: &create_expire = 1.0 day &redef
Default: {}

The Modbus nodes being tracked.

Types

Known::ModbusDeviceType
Type: enum

Known::MODBUS_MASTER
Known::MODBUS_SLAVE

Known::ModbusInfo
Type: record

ts: time &log

The time the device was discovered.

host: addr &log

The IP address of the host.

device_type: Known::ModbusDeviceType &log

The type of device being tracked.

Events

Known::log_known_modbus
Type: event (rec: Known::ModbusInfo)

Event that can be handled to access the loggable record as it is sent on to the logging framework.
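One way to use this event for monitoring, as an added example that is not part of the Bro distribution or this script: a handler that raises a notice when a host outside an expected list is first logged as a Modbus master. The module name ModbusWatch, the notice type Unexpected_Master, and the expected_masters set are hypothetical, and the address in it is a constructed sample value.

```bro
@load protocols/modbus/known-masters-slaves
@load base/frameworks/notice

# Hypothetical module name chosen for this example.
module ModbusWatch;

export {
    redef enum Notice::Type += {
        ## A host that is not on the expected list was logged as a Modbus master.
        Unexpected_Master,
    };

    ## Hosts allowed to act as Modbus masters (assumption: maintained by the
    ## site operator; 192.0.2.10 is a constructed sample address).
    const expected_masters: set[addr] = { 192.0.2.10 } &redef;
}

# Runs once per record that known-masters-slaves.bro writes to its log, which
# is once per (host, device type) pair until the entry in Known::modbus_nodes
# expires (1.0 day by default).
event Known::log_known_modbus(rec: Known::ModbusInfo)
    {
    # Only masters are of interest here; slaves are logged as well.
    if ( rec$device_type != Known::MODBUS_MASTER )
        return;

    if ( rec$host in expected_masters )
        return;

    NOTICE([$note=Unexpected_Master,
            $msg=fmt("New Modbus master observed: %s (first seen %s)",
                     rec$host, rec$ts),
            $src=rec$host,
            # Suppress repeat notices for the same host.
            $identifier=cat(rec$host)]);
    }
```

Because the tracking set expires entries after a day, a host that keeps acting as a master is logged again after expiry and so reaches this handler again.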

Copyright 2016, The Bro Project. Last updated on December 13, 2017.