

Merge branch 'development' of https://github.com/mmguero-dev/Malcolm
into v24.07.0_merge_cisagov
mmguero committed Jul 29, 2024
2 parents c8b1b7f + 9ea3e5b commit 0ec9549
Showing 164 changed files with 4,280 additions and 1,927 deletions.
2 changes: 1 addition & 1 deletion Dockerfiles/arkime.Dockerfile
Expand Up @@ -34,7 +34,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

ENV ARKIME_DIR "/opt/arkime"
ENV ARKIME_VERSION "5.2.0"
ENV ARKIME_VERSION "5.3.0"
ENV ARKIME_DEB_URL "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/arkime_${ARKIME_VERSION}-1.debian12_XXX.deb"
ENV ARKIME_JA4_SO_URL "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/ja4plus.XXX.so"
ENV ARKIME_LOCALELASTICSEARCH no
10 changes: 5 additions & 5 deletions Dockerfiles/dashboards.Dockerfile
Expand Up @@ -24,7 +24,7 @@ ENV TERM xterm
ENV TINI_VERSION v0.19.0
ENV TINI_URL https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini

ENV OSD_TRANSFORM_VIS_VERSION 2.13.0
ENV OSD_TRANSFORM_VIS_VERSION 2.15.0

ARG NODE_OPTIONS="--max_old_space_size=4096"
ENV NODE_OPTIONS $NODE_OPTIONS
Expand All @@ -43,10 +43,10 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
# Malcolm manages authentication and encryption via NGINX reverse proxy
/usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin remove securityDashboards --allow-root && \
cd /tmp && \
unzip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \
sed -i "s/2\.13\.0/2\.15\.0/g" opensearch-dashboards/transformVis/opensearch_dashboards.json && \
sed -i "s/2\.13\.0/2\.15\.0/g" opensearch-dashboards/transformVis/package.json && \
zip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \
# unzip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \
# sed -i "s/2\.13\.0/2\.15\.0/g" opensearch-dashboards/transformVis/opensearch_dashboards.json && \
# sed -i "s/2\.13\.0/2\.15\.0/g" opensearch-dashboards/transformVis/package.json && \
# zip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \
cd /usr/share/opensearch-dashboards/plugins && \
/usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin install file:///tmp/transformVis.zip --allow-root && \
rm -rf /tmp/transformVis /tmp/opensearch-dashboards && \
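Review bot: The four commented-out `unzip`/`sed`/`zip` lines on the new side leave a dead, version-specific patch step inside the live `RUN` chain; the Dockerfile parser drops `#` lines even inside a continuation so the build still works, but the hard-coded `s/2\.13\.0/2\.15\.0/g` is presumably obsolete now that `OSD_TRANSFORM_VIS_VERSION` is 2.15.0 and will mislead whoever does the next bump. Either delete the four lines, or if the plugin-manifest rewrite is expected to be needed again, keep them live and derive the replacement version from `${OSD_TRANSFORM_VIS_VERSION}` with a comment stating when the rewrite is required. The enclosing `RUN` starts before this section and continues past it.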
2 changes: 1 addition & 1 deletion Dockerfiles/filebeat.Dockerfile
@@ -1,6 +1,6 @@
ARG TARGETPLATFORM=linux/amd64

FROM --platform=${TARGETPLATFORM} docker.elastic.co/beats/filebeat-oss:8.14.1
FROM --platform=${TARGETPLATFORM} docker.elastic.co/beats/filebeat-oss:8.14.3

# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
LABEL maintainer="[email protected]"
2 changes: 1 addition & 1 deletion Dockerfiles/logstash.Dockerfile
@@ -1,6 +1,6 @@
ARG TARGETPLATFORM=linux/amd64

FROM --platform=${TARGETPLATFORM} docker.elastic.co/logstash/logstash-oss:8.14.1
FROM --platform=${TARGETPLATFORM} docker.elastic.co/logstash/logstash-oss:8.14.3

LABEL maintainer="[email protected]"
LABEL org.opencontainers.image.authors='[email protected]'
2 changes: 1 addition & 1 deletion Dockerfiles/netbox.Dockerfile
@@ -1,6 +1,6 @@
ARG TARGETPLATFORM=linux/amd64

FROM --platform=${TARGETPLATFORM} netboxcommunity/netbox:v4.0.6
FROM --platform=${TARGETPLATFORM} netboxcommunity/netbox:v4.0.8

# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
LABEL maintainer="[email protected]"
8 changes: 4 additions & 4 deletions Dockerfiles/nginx.Dockerfile
Expand Up @@ -34,7 +34,7 @@ RUN find /site -type f -name "*.md" -exec sed -i "s/{{[[:space:]]*site.github.bu
find /site/_site -type f -name "*.html" -exec sed -i 's@\(href=\)"/"@\1"/readme/"@g' "{}" \;

# build NGINX image
FROM --platform=${TARGETPLATFORM} alpine:3.18
FROM --platform=${TARGETPLATFORM} alpine:3.20

LABEL maintainer="[email protected]"
LABEL org.opencontainers.image.authors='[email protected]'
Expand Down Expand Up @@ -162,7 +162,7 @@ RUN set -x ; \
" ; \
apk update --no-cache; \
apk upgrade --no-cache; \
apk add --no-cache curl rsync shadow libressl; \
apk add --no-cache curl rsync shadow openssl; \
addgroup -g ${DEFAULT_GID} -S ${PGROUP} ; \
adduser -S -D -H -u ${DEFAULT_UID} -h /var/cache/nginx -s /sbin/nologin -G ${PGROUP} -g ${PUSER} ${PUSER} ; \
addgroup ${PUSER} shadow ; \
Expand All @@ -173,7 +173,7 @@ RUN set -x ; \
geoip-dev \
gnupg \
libc-dev \
libressl-dev \
openssl-dev \
libxslt-dev \
linux-headers \
make \
Expand Down Expand Up @@ -226,7 +226,7 @@ RUN set -x ; \
| xargs -r apk info --installed \
| sort -u \
)" ; \
apk add --no-cache --virtual .nginx-rundeps $runDeps ca-certificates bash jq wget openssl apache2-utils openldap shadow stunnel supervisor tini tzdata; \
apk add --no-cache --virtual .nginx-rundeps $runDeps ca-certificates bash jq wget apache2-utils openldap shadow stunnel supervisor tini tzdata; \
update-ca-certificates; \
apk del .nginx-build-deps ; \
apk del .gettext ; \
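Review bot: The newly introduced `openssl` (in `apk add --no-cache curl rsync shadow openssl`) and `openssl-dev` packages are installed without version pins, like the rest of the `apk add` calls in this file, so the OpenSSL that NGINX links against depends on the Alpine 3.20 repository state at build time rather than on anything recorded here (hadolint DL3018). Since this change swaps the reverse proxy's TLS library, consider pinning at least that package, e.g. `openssl=<version-from-alpine-3.20-repo>`, or otherwise recording the resolved version so a rebuild can be reproduced. Dropping `openssl` from the `.nginx-rundeps` virtual package in the last hunk looks consistent with installing it explicitly earlier, so `apk del .nginx-build-deps` should not remove it; worth confirming with `apk info` in the built image. Each hunk here is part of a `RUN set -x ; \` chain that starts before the section.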
2 changes: 1 addition & 1 deletion Dockerfiles/suricata.Dockerfile
Expand Up @@ -140,7 +140,7 @@ COPY --chmod=644 scripts/malcolm_utils.py /usr/local/bin/
COPY --chmod=755 shared/bin/suricata_config_populate.py /usr/local/bin/
COPY --chmod=755 suricata/scripts/docker_entrypoint.sh /usr/local/bin/
COPY --chmod=755 suricata/scripts/suricata-update-rules.sh /usr/local/bin/
COPY --chmod=u=rwX,go=rX suricata/rules-default/ "$SURICATA_DEFAULT_RULES_DIR"/
COPY --chmod=755 suricata/rules-default/ "$SURICATA_DEFAULT_RULES_DIR"/

ARG PCAP_PIPELINE_VERBOSITY=""
ARG PCAP_MONITOR_HOST=pcap-monitor
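Review bot: `COPY --chmod=755 suricata/rules-default/ "$SURICATA_DEFAULT_RULES_DIR"/` marks every copied rule file executable, whereas the replaced `u=rwX,go=rX` set the execute bit only on directories (and files that already had it); rule files are data read by Suricata and need no more than `644`. If the symbolic mode was dropped because the builder's Dockerfile frontend rejects it, a least-privilege equivalent is `COPY --chmod=644 suricata/rules-default/ "$SURICATA_DEFAULT_RULES_DIR"/` followed by `RUN find "$SURICATA_DEFAULT_RULES_DIR" -type d -exec chmod 755 {} +` to restore traversal on the directories that the octal `--chmod` would otherwise also set to 644. A short comment on the line stating the intended modes would keep the next edit from reverting to a blanket 755.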
5 changes: 4 additions & 1 deletion Dockerfiles/zeek.Dockerfile
Expand Up @@ -48,6 +48,9 @@ ENV CCACHE_COMPRESS 1
ADD shared/bin/zeek-deb-download.sh /usr/local/bin/
ADD shared/bin/zeek_install_plugins.sh /usr/local/bin/

# custom one-off packages locally
ADD zeek/custom-pkg "$ZEEK_DIR"/custom-pkg

ENV SUPERCRONIC_VERSION "0.2.30"
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-"
ENV SUPERCRONIC_CRONTAB "${ZEEK_DIR}/crontab"
Expand Down Expand Up @@ -168,7 +171,7 @@ RUN groupadd --gid ${DEFAULT_GID} ${PUSER} && \

# sanity checks to make sure the plugins installed and copied over correctly
# these ENVs should match the third party scripts/plugins installed by zeek_install_plugins.sh
ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_DHCP|ANALYZER_SPICY_DNS|ANALYZER_SPICY_HTTP|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS)"
ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_DHCP|ANALYZER_SPICY_DNS|ANALYZER_SPICY_HTTP|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_GE_SRTP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS)"
ENV ZEEK_THIRD_PARTY_SCRIPTS_GREP "(bro-is-darknet/main|bro-simple-scan/scan|bzar/main|callstranger-detector/callstranger|cve-2020-0601/cve-2020-0601|cve-2020-13777/cve-2020-13777|CVE-2020-16898/CVE-2020-16898|CVE-2021-38647/omigod|CVE-2021-31166/detect|CVE-2021-41773/CVE_2021_41773|CVE-2021-42292/main|cve-2021-44228/CVE_2021_44228|cve-2022-22954/main|cve-2022-26809/main|CVE-2022-3602/__load__|hassh/hassh|http-more-files-names/main|ja4/main|pingback/detect|ripple20/ripple20|SIGRed/CVE-2020-1350|zeek-EternalSafety/main|zeek-httpattacks/main|zeek-sniffpass/__load__|zerologon/main)\.(zeek|bro)"

RUN mkdir -p /tmp/logs && \
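Review bot: The new `ADD zeek/custom-pkg "$ZEEK_DIR"/custom-pkg` copies a plain local directory, for which `COPY` is the recommended instruction (hadolint DL3020); `ADD` exists for its URL-fetch and local-archive-extraction behaviours, neither of which is wanted here. The neighbouring `ADD shared/bin/...` lines follow the same older pattern, but the new line could be written as `COPY zeek/custom-pkg "$ZEEK_DIR"/custom-pkg` without touching them. The comment `# custom one-off packages locally` would also be more useful if it named what consumes the directory; if it is `zeek_install_plugins.sh`, something like `# local one-off Zeek packages shipped in the repo, installed by zeek_install_plugins.sh` — confirm before committing to that wording.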
1 change: 0 additions & 1 deletion _config.yml
Expand Up @@ -78,7 +78,6 @@ exclude:
- htadmin
- logstash
- malcolm-iso
- net-map.json
- netbox
- nginx
- opensearch
41 changes: 40 additions & 1 deletion arkime/etc/config.ini
Expand Up @@ -237,6 +237,8 @@ zeek.bacnet_device_control.result_code=db:zeek.bacnet_device_control.result_code

# bacnet_discovery.log
# https://github.com/cisagov/ICSNPP
zeek.bacnet_discovery.device_id_number=db:zeek.bacnet_discovery.device_id_number;group:zeek_bacnet;kind:integer;viewerOnly:true;friendly:Device ID Number;help:Device ID Number
zeek.bacnet_discovery.device_id_type=db:zeek.bacnet_discovery.device_id_type;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Device ID Type;help:Device ID Type
zeek.bacnet_discovery.object_name=db:zeek.bacnet_discovery.object_name;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Object Name;help:Object Name
zeek.bacnet_discovery.object_type=db:zeek.bacnet_discovery.object_type;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Object Type;help:Object Type
zeek.bacnet_discovery.range=db:zeek.bacnet_discovery.range;group:zeek_bacnet;kind:termfield;viewerOnly:true;friendly:Range;help:Range
Expand Down Expand Up @@ -537,6 +539,42 @@ zeek.ftp.data_channel.orig_h=db:zeek.ftp.data_channel.orig_h;group:zeek_ftp;kind
zeek.ftp.data_channel.resp_h=db:zeek.ftp.data_channel.resp_h;group:zeek_ftp;kind:termfield;viewerOnly:true;friendly:Data Responding Host;help:Data Responding Host
zeek.ftp.data_channel.resp_p=db:zeek.ftp.data_channel.resp_p;group:zeek_ftp;kind:integer;viewerOnly:true;friendly:Data Responding Port;help:Data Responding Port

# ge_srtp.log
#
zeek.ge_srtp.srtp_type=db:zeek.ge_srtp.srtp_type;group:zeek_ge_srtp;kind:termfield;friendly:srtp_type;help:srtp_type
zeek.ge_srtp.sequence_number_1=db:zeek.ge_srtp.sequence_number_1;group:zeek_ge_srtp;kind:integer;friendly:sequence_number_1;help:sequence_number_1
zeek.ge_srtp.text_length=db:zeek.ge_srtp.text_length;group:zeek_ge_srtp;kind:integer;friendly:text_length;help:text_length
zeek.ge_srtp.time_seconds=db:zeek.ge_srtp.time_seconds;group:zeek_ge_srtp;kind:integer;friendly:time_seconds;help:time_seconds
zeek.ge_srtp.time_minutes=db:zeek.ge_srtp.time_minutes;group:zeek_ge_srtp;kind:integer;friendly:time_minutes;help:time_minutes
zeek.ge_srtp.time_hours=db:zeek.ge_srtp.time_hours;group:zeek_ge_srtp;kind:integer;friendly:time_hours;help:time_hours
zeek.ge_srtp.sequence_number_2=db:zeek.ge_srtp.sequence_number_2;group:zeek_ge_srtp;kind:integer;friendly:sequence_number_2;help:sequence_number_2
zeek.ge_srtp.message_type=db:zeek.ge_srtp.message_type;group:zeek_ge_srtp;kind:termfield;friendly:message_type;help:message_type
zeek.ge_srtp.mailbox_source=db:zeek.ge_srtp.mailbox_source;group:zeek_ge_srtp;kind:termfield;friendly:mailbox_source;help:mailbox_source
zeek.ge_srtp.mailbox_destination=db:zeek.ge_srtp.mailbox_destination;group:zeek_ge_srtp;kind:termfield;friendly:mailbox_destination;help:mailbox_destination
zeek.ge_srtp.packet_number=db:zeek.ge_srtp.packet_number;group:zeek_ge_srtp;kind:integer;friendly:packet_number;help:packet_number
zeek.ge_srtp.total_packet_number=db:zeek.ge_srtp.total_packet_number;group:zeek_ge_srtp;kind:integer;friendly:total_packet_number;help:total_packet_number
zeek.ge_srtp.service_request_code=db:zeek.ge_srtp.service_request_code;group:zeek_ge_srtp;kind:termfield;friendly:service_request_code;help:service_request_code
zeek.ge_srtp.segment_selector=db:zeek.ge_srtp.segment_selector;group:zeek_ge_srtp;kind:termfield;friendly:segment_selector;help:segment_selector
zeek.ge_srtp.memory_offset=db:zeek.ge_srtp.memory_offset;group:zeek_ge_srtp;kind:integer;friendly:memory_offset;help:memory_offset
zeek.ge_srtp.data_length=db:zeek.ge_srtp.data_length;group:zeek_ge_srtp;kind:integer;friendly:data_length;help:data_length
zeek.ge_srtp.status_code=db:zeek.ge_srtp.status_code;group:zeek_ge_srtp;kind:termfield;friendly:status_code;help:status_code
zeek.ge_srtp.minor_status_code=db:zeek.ge_srtp.minor_status_code;group:zeek_ge_srtp;kind:termfield;friendly:minor_status_code;help:minor_status_code
zeek.ge_srtp.data_requested=db:zeek.ge_srtp.data_requested;group:zeek_ge_srtp;kind:termfield;friendly:data_requested;help:data_requested
zeek.ge_srtp.control_program_number=db:zeek.ge_srtp.control_program_number;group:zeek_ge_srtp;kind:integer;friendly:control_program_number;help:control_program_number
zeek.ge_srtp.current_privilege_level=db:zeek.ge_srtp.current_privilege_level;group:zeek_ge_srtp;kind:integer;friendly:current_privilege_level;help:current_privilege_level
zeek.ge_srtp.last_sweep_time=db:zeek.ge_srtp.last_sweep_time;group:zeek_ge_srtp;kind:integer;friendly:last_sweep_time;help:last_sweep_time
zeek.ge_srtp.oversweep_flag=db:zeek.ge_srtp.oversweep_flag;group:zeek_ge_srtp;kind:termfield;friendly:oversweep_flag;help:oversweep_flag
zeek.ge_srtp.constant_sweep_mode=db:zeek.ge_srtp.constant_sweep_mode;group:zeek_ge_srtp;kind:termfield;friendly:constant_sweep_mode;help:constant_sweep_mode
zeek.ge_srtp.plc_fault_entry_last_read=db:zeek.ge_srtp.plc_fault_entry_last_read;group:zeek_ge_srtp;kind:termfield;friendly:plc_fault_entry_last_read;help:plc_fault_entry_last_read
zeek.ge_srtp.io_fault_entry_last_read=db:zeek.ge_srtp.io_fault_entry_last_read;group:zeek_ge_srtp;kind:termfield;friendly:io_fault_entry_last_read;help:io_fault_entry_last_read
zeek.ge_srtp.plc_fault_entry_present=db:zeek.ge_srtp.plc_fault_entry_present;group:zeek_ge_srtp;kind:termfield;friendly:plc_fault_entry_present;help:plc_fault_entry_present
zeek.ge_srtp.io_fault_entry_present=db:zeek.ge_srtp.io_fault_entry_present;group:zeek_ge_srtp;kind:termfield;friendly:io_fault_entry_present;help:io_fault_entry_present
zeek.ge_srtp.programmer_attachment=db:zeek.ge_srtp.programmer_attachment;group:zeek_ge_srtp;kind:termfield;friendly:programmer_attachment;help:programmer_attachment
zeek.ge_srtp.front_panel_enable_switch=db:zeek.ge_srtp.front_panel_enable_switch;group:zeek_ge_srtp;kind:termfield;friendly:front_panel_enable_switch;help:front_panel_enable_switch
zeek.ge_srtp.front_panel_run_switch=db:zeek.ge_srtp.front_panel_run_switch;group:zeek_ge_srtp;kind:termfield;friendly:front_panel_run_switch;help:front_panel_run_switch
zeek.ge_srtp.oem_protected=db:zeek.ge_srtp.oem_protected;group:zeek_ge_srtp;kind:termfield;friendly:oem_protected;help:oem_protected
zeek.ge_srtp.plc_state=db:zeek.ge_srtp.plc_state;group:zeek_ge_srtp;kind:termfield;friendly:plc_state;help:plc_state

# genisys.log
# https://github.com/cisagov/icsnpp-genisys
zeek.genisys.header=db:zeek.genisys.header;group:zeek_genisys;kind:termfield;viewerOnly:true;friendly:Control Character;help:Control Character
Expand Down Expand Up @@ -2638,7 +2676,7 @@ n_netbox_segment_originator=require:source.segment.id;title:NetBox Segment (Orig
n_netbox_segment_responder=require:destination.segment.id;title:NetBox Segment (Responder);fields:destination.segment.id,destination.segment.name,destination.segment.site,destination.segment.tenant,destination.segment.url
n_netbox_z_related=require:related.site;title:NetBox Related;fields:related.site,network.name,related.manufacturer,related.device_type,related.role,related.device_id,related.device_name,related.service
o_zeek_bacnet=require:zeek.bacnet;title:Zeek bacnet.log;fields:zeek.bacnet.bvlc_function,zeek.bacnet.pdu_type,zeek.bacnet.pdu_service,zeek.bacnet.invoke_id,zeek.bacnet.instance_number,zeek.bacnet.result_code
o_zeek_bacnet_discovery=require:zeek.bacnet_discovery;title:Zeek bacnet_discovery.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_discovery.object_type,zeek.bacnet_discovery.vendor,zeek.bacnet_discovery.range,zeek.bacnet_discovery.range_low,zeek.bacnet_discovery.range_high,zeek.bacnet_discovery.object_name
o_zeek_bacnet_discovery=require:zeek.bacnet_discovery;title:Zeek bacnet_discovery.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_discovery.device_id_type,zeek.bacnet_discovery.device_id_number,zeek.bacnet_discovery.object_type,zeek.bacnet_discovery.vendor,zeek.bacnet_discovery.range,zeek.bacnet_discovery.range_low,zeek.bacnet_discovery.range_high,zeek.bacnet_discovery.object_name
o_zeek_bacnet_device_control=require:zeek.bacnet_device_control;title:Zeek bacnet_device_control.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_device_control.time_duration,zeek.bacnet_device_control.device_state,zeek.bacnet_device_control.result,zeek.bacnet_device_control.result_code
o_zeek_bacnet_property=require:zeek.bacnet_property;title:Zeek bacnet_property.log;fields:zeek.bacnet.pdu_service,zeek.bacnet_property.object_type,zeek.bacnet_property.property,zeek.bacnet_property.array_index,zeek.bacnet_property.value
o_zeek_bestguess=require:zeek.bestguess;title:Zeek bestguess.log;fields:zeek.bestguess.name,zeek.bestguess.category
Expand Down Expand Up @@ -2670,6 +2708,7 @@ o_zeek_ecat_soe_info=require:zeek.ecat_soe_info;title:Zeek ecat_soe_info.log;fie
o_zeek_enip=require:zeek.enip;title:Zeek enip.log;fields:zeek.enip.enip_command,zeek.enip.enip_command_code,zeek.enip.length,zeek.enip.session_handle,zeek.enip.enip_status,zeek.enip.sender_context,zeek.enip.options
o_zeek_files=require:zeek.files;title:Zeek files.log;fields:zeek.files.tx_hosts,zeek.files.rx_hosts,zeek.files.conn_uids,zeek.files.source,zeek.files.depth,zeek.files.analyzers,zeek.files.mime_type,zeek.files.filename,zeek.files.ftime,zeek.files.duration,zeek.files.local_orig,zeek.files.seen_bytes,zeek.files.total_bytes,zeek.files.missing_bytes,zeek.files.overflow_bytes,zeek.files.timedout,zeek.files.parent_fuid,zeek.files.md5,zeek.files.sha1,zeek.files.sha256,zeek.files.extracted,zeek.files.extracted_uri,zeek.files.extracted_cutoff,zeek.files.extracted_size
o_zeek_ftp=require:zeek.ftp;title:Zeek ftp.log;fields:zeek.ftp.command,zeek.ftp.arg,zeek.ftp.mime_type,zeek.ftp.file_size,zeek.ftp.reply_code,zeek.ftp.reply_msg,zeek.ftp.data_channel.passive,zeek.ftp.data_channel.orig_h,zeek.ftp.data_channel.resp_h,zeek.ftp.data_channel.resp_p
o_zeek_ge_srtp=require:zeek.ge_srtp;title:Zeek ge_srtp.log;fields:zeek.ge_srtp.srtp_type,zeek.ge_srtp.sequence_number_1,zeek.ge_srtp.text_length,zeek.ge_srtp.time_seconds,zeek.ge_srtp.time_minutes,zeek.ge_srtp.time_hours,zeek.ge_srtp.sequence_number_2,zeek.ge_srtp.message_type,zeek.ge_srtp.mailbox_source,zeek.ge_srtp.mailbox_destination,zeek.ge_srtp.packet_number,zeek.ge_srtp.total_packet_number,zeek.ge_srtp.service_request_code,zeek.ge_srtp.segment_selector,zeek.ge_srtp.memory_offset,zeek.ge_srtp.data_length,zeek.ge_srtp.status_code,zeek.ge_srtp.minor_status_code,zeek.ge_srtp.data_requested,zeek.ge_srtp.control_program_number,zeek.ge_srtp.current_privilege_level,zeek.ge_srtp.last_sweep_time,zeek.ge_srtp.oversweep_flag,zeek.ge_srtp.constant_sweep_mode,zeek.ge_srtp.plc_fault_entry_last_read,zeek.ge_srtp.io_fault_entry_last_read,zeek.ge_srtp.plc_fault_entry_present,zeek.ge_srtp.io_fault_entry_present,zeek.ge_srtp.programmer_attachment,zeek.ge_srtp.front_panel_enable_switch,zeek.ge_srtp.front_panel_run_switch,zeek.ge_srtp.oem_protected,zeek.ge_srtp.plc_state
o_zeek_genisys=require:zeek.genisys;title:Zeek genisys.log;fields:zeek.genisys.header,zeek.genisys.server,zeek.genisys.direction,zeek.genisys.crc_transmitted,zeek.genisys.crc_calculated,zeek.genisys.payload.address,zeek.genisys.payload.data
o_zeek_gquic=require:zeek.gquic;title:Zeek gquic.log;fields:zeek.gquic.version,zeek.gquic.server_name,zeek.gquic.user_agent,zeek.gquic.tag_count,zeek.gquic.cyu,zeek.gquic.cyutags
o_zeek_http=require:zeek.http;title:Zeek http.log;fields:zeek.http.trans_depth,zeek.http.method,zeek.http.host,zeek.http.uri,zeek.http.origin,zeek.http.post_password_plain,zeek.http.post_username,zeek.http.referrer,zeek.http.version,zeek.http.user_agent,zeek.http.request_body_len,zeek.http.response_body_len,zeek.http.status_code,zeek.http.status_msg,zeek.http.info_code,zeek.http.info_msg,zeek.http.tags,zeek.http.proxied,zeek.http.orig_fuids,zeek.http.orig_filenames,zeek.http.orig_mime_types,zeek.http.resp_fuids,zeek.http.resp_filenames,zeek.http.resp_mime_types,zeek.http.ja4h
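Review bot: The new `# ge_srtp.log` block has a bare `#` line where every sibling block (`# bacnet_discovery.log`, `# genisys.log`) records the analyzer's source URL, and its `friendly:`/`help:` values just repeat the raw field name (`friendly:srtp_type;help:srtp_type`) rather than the human-readable labels used elsewhere (`friendly:Device ID Number`). Replace the empty comment with `# <URL of the GE SRTP analyzer repository>` and give at least the operator-facing fields readable labels, e.g. `friendly:Service Request Code;help:Service Request Code`. The block also omits `viewerOnly:true`, which the neighbouring Zeek field definitions all carry; if that is deliberate, a one-line comment saying why would save the next reader from "fixing" it.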

