├── .github └── workflows │ └── opened-issues-triage.yml ├── .gitmodules ├── LICENSE.txt ├── NOTICE.txt └── README.md
/.github/workflows/opened-issues-triage.yml:
--------------------------------------------------------------------------------
1 | # This workflow uses actions that are not certified by GitHub.
2 | # They are provided by a third-party and are governed by
3 | # separate terms of service, privacy policy, and support
4 | # documentation.
5 |
6 | # GitHub recommends pinning actions to a commit SHA.
7 | # To get a newer version, you will need to update the SHA.
8 | # You can also reference a tag or branch, but the action may change without warning.
9 |
10 | name: Add a new GitHub Project card linked to a GitHub issue to the specified project column
11 | # NOTE(review): the only step in this workflow is gated on newly opened issues, so
12 | # the pull_request trigger starts a job that has nothing to do. Narrowing the
13 | # trigger to issues (types: [opened]) would avoid those runs.
14 | on: [issues, pull_request]
15 | jobs:
16 |   # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries the
17 |   # default scopes configured for the repository or organization. Declare only
18 |   # what the project-card step needs (exact scopes to be confirmed).
19 |   github-actions-automate-projects:
20 |     runs-on: ubuntu-latest
21 |     steps:
22 |       - name: add-new-issues-to-repository-based-project-column
23 |         # NOTE(review): third-party image referenced by a mutable tag while it is
24 |         # handed GITHUB_TOKEN below. Following the pinning advice at the top of this
25 |         # file, reference it by immutable digest so a re-pushed v0.0.1 tag cannot
26 |         # change the code that runs:
27 |         #   docker://takanabe/github-actions-automate-projects@sha256:<DIGEST_PLACEHOLDER>
28 |         uses: docker://takanabe/github-actions-automate-projects:v0.0.1
29 |         if: github.event_name == 'issues' && github.event.action == 'opened'
30 |         env:
31 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
32 |           GITHUB_PROJECT_URL: https://github.com/orgs/cisagov/projects/27
33 |           GITHUB_PROJECT_COLUMN_NAME: Triage
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "bacnet"]
2 |     path = bacnet
3 |     url = https://github.com/cisagov/icsnpp-bacnet
4 |     branch = main
5 | [submodule "bsap"]
6 |     path = bsap
7 |     url = https://github.com/cisagov/icsnpp-bsap
8 |     branch = main
9 | [submodule "ethercat"]
10 |     path = ethercat
11 |     url = https://github.com/cisagov/icsnpp-ethercat
12 |     branch = main
13 | [submodule "enip"]
14 |     path = enip
15 |     url = https://github.com/cisagov/icsnpp-enip
16 |     branch = main
17 | [submodule "genisys"]
18 |     path = genisys
19 |     url = https://github.com/cisagov/icsnpp-genisys
20 |     branch
= main
21 | [submodule "opcua-binary"]
22 |     path = opcua-binary
23 |     url = https://github.com/cisagov/icsnpp-opcua-binary
24 |     branch = main
25 | [submodule "s7comm"]
26 |     path = s7comm
27 |     url = https://github.com/cisagov/icsnpp-s7comm
28 |     branch = main
29 | [submodule "dnp3"]
30 |     path = dnp3
31 |     url = https://github.com/cisagov/icsnpp-dnp3
32 |     branch = main
33 | [submodule "modbus"]
34 |     path = modbus
35 |     url = https://github.com/cisagov/icsnpp-modbus
36 |     branch = main
37 | [submodule "synchrophasor"]
38 |     path = synchrophasor
39 |     url = https://github.com/cisagov/icsnpp-synchrophasor
40 |     branch = main
41 | [submodule "profinet-io-cm"]
42 |     path = profinet-io-cm
43 |     url = https://github.com/cisagov/icsnpp-profinet-io-cm
44 |     branch = main
45 | [submodule "ge-srtp"]
46 |     path = ge-srtp
47 |     url = https://github.com/cisagov/icsnpp-ge-srtp
48 |     # NOTE(review): ge-srtp is the only submodule here that tracks `develop`; the
49 |     # others track `main`. `git submodule update --remote` would therefore pull
50 |     # this parser from `develop` rather than `main` — confirm this is intended.
51 |     branch = develop
52 | [submodule "hart-ip"]
53 |     path = hart-ip
54 |     url = https://github.com/cisagov/icsnpp-hart-ip
55 |     branch = main
56 | [submodule "omron-fins"]
57 |     path = omron-fins
58 |     url = https://github.com/cisagov/icsnpp-omron-fins
59 |     branch = main
60 | [submodule "roc-plus"]
61 |     path = roc-plus
62 |     url = https://github.com/cisagov/icsnpp-roc-plus
63 |     branch = main
64 |
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 | BSD 3-Clause License
2 |
3 | Copyright (c) 2023, Battelle Energy Alliance, LLC
4 |
5 | Redistribution and use in source and binary forms, with or without
6 | modification, are permitted provided that the following conditions are met:
7 |
8 | 1. Redistributions of source code must retain the above copyright notice, this
9 | list of conditions and the following disclaimer.
10 |
11 | 2.
Redistributions in binary form must reproduce the above copyright notice, 12 | this list of conditions and the following disclaimer in the documentation 13 | and/or other materials provided with the distribution. 14 | 15 | 3. Neither the name of the copyright holder nor the names of its 16 | contributors may be used to endorse or promote products derived from 17 | this software without specific prior written permission. 18 | 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | This project contains code from Idaho National Laboratory's ICSNPP Project 2 | Github URL: https://github.com/cisagov/ICSNPP 3 | Licensed under BSD 3-Part License. 4 | 5 | 6 | © 2023 Battelle Energy Alliance, LLC 7 | ALL RIGHTS RESERVED 8 | 9 | Prepared by Battelle Energy Alliance, LLC 10 | Under Contract No. DE-AC07-05ID14517 11 | With the U. S. Department of Energy 12 | 13 | NOTICE: This computer software was prepared by Battelle Energy 14 | Alliance, LLC, hereinafter the Contractor, under Contract 15 | No. AC07-05ID14517 with the United States (U. S.) 
Department of 16 | Energy (DOE). The Government is granted for itself and others acting on 17 | its behalf a nonexclusive, paid-up, irrevocable worldwide license in this 18 | data to reproduce, prepare derivative works, and perform publicly and 19 | display publicly, by or on behalf of the Government. There is provision for 20 | the possible extension of the term of this license. Subsequent to that 21 | period or any extension granted, the Government is granted for itself and 22 | others acting on its behalf a nonexclusive, paid-up, irrevocable worldwide 23 | license in this data to reproduce, prepare derivative works, distribute 24 | copies to the public, perform publicly and display publicly, and to permit 25 | others to do so. The specific term of the license can be identified by 26 | inquiry made to Contractor or DOE. NEITHER THE UNITED STATES NOR THE UNITED 27 | STATES DEPARTMENT OF ENERGY, NOR CONTRACTOR MAKES ANY WARRANTY, EXPRESS OR 28 | IMPLIED, OR ASSUMES ANY LIABILITY OR RESPONSIBILITY FOR THE USE, ACCURACY, 29 | COMPLETENESS, OR USEFULNESS OR ANY INFORMATION, APPARATUS, PRODUCT, OR 30 | PROCESS DISCLOSED, OR REPRESENTS THAT ITS USE WOULD NOT INFRINGE PRIVATELY 31 | OWNED RIGHTS. 32 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ICSNPP 2 | 3 | Industrial Control Systems Network Protocol Parsers (ICSNPP) 4 | 5 | Industrial Control Systems protocol parser plugins for the Zeek network security monitoring framework. Currently we have seven fully developed protocol parsers and two extension scripts. If there are any other ICS protocol parsers you would like to see, please let us know via a GitHub issue! 
6 | 7 | ## ICSNPP Packages 8 | 9 | All ICSNPP Packages: 10 | * [ICSNPP](https://github.com/cisagov/icsnpp) 11 | 12 | Full ICS Protocol Parsers: 13 | * [BACnet](https://github.com/cisagov/icsnpp-bacnet) 14 | * Full Zeek protocol parser for BACnet (Building Control and Automation) 15 | * [BSAP](https://github.com/cisagov/icsnpp-bsap) 16 | * Full Zeek protocol parser for BSAP (Bristol Standard Asynchronous Protocol) over IP 17 | * Full Zeek protocol parser for BSAP Serial comm converted using serial tap device 18 | * [Ethercat](https://github.com/cisagov/icsnpp-ethercat) 19 | * Full Zeek protocol parser for Ethercat 20 | * [Ethernet/IP and CIP](https://github.com/cisagov/icsnpp-enip) 21 | * Full Zeek protocol parser for Ethernet/IP and CIP 22 | * [GE-SRTP](https://github.com/cisagov/icsnpp-ge-srtp) 23 | * Zeek protocol parser for GE-SRTP 24 | * [Genisys](https://github.com/cisagov/icsnpp-genisys) 25 | * Full Zeek protocol parser for Genisys 26 | * [HART-IP](https://github.com/cisagov/icsnpp-hart-ip) 27 | * Zeek protocol parser for HART-IP 28 | * [Omron FINS](https://github.com/cisagov/icsnpp-omron-fins) 29 | * Zeek protocol parser for Omron FINS 30 | * [OPCUA-Binary](https://github.com/cisagov/icsnpp-opcua-binary) 31 | * Full Zeek protocol parser for OPC UA (OPC Unified Architecture) - Binary 32 | * [ROC-Plus](https://github.com/cisagov/icsnpp-roc-plus) 33 | * Full Zeek protocol parser for ROC Plus 34 | * [S7Comm](https://github.com/cisagov/icsnpp-s7comm) 35 | * Full Zeek protocol parser for S7comm, S7comm-plus, and COTP 36 | * [Synchrophasor](https://github.com/cisagov/icsnpp-synchrophasor) 37 | * Full Zeek protocol parser for Synchrophasor Data Transfer for Power Systems (C37.118) 38 | * [Profinet IO CM](https://github.com/cisagov/icsnpp-profinet-io-cm) 39 | * Full Zeek protocol parser for Profinet I/O Context Manager 40 | 41 | Updates to Zeek ICS Protocol Parsers: 42 | * [DNP3](https://github.com/cisagov/icsnpp-dnp3) 43 | * DNP3 Zeek script extending logging 
capabilities of Zeek's default DNP3 protocol parser 44 | * [Modbus](https://github.com/cisagov/icsnpp-modbus) 45 | * Modbus Zeek script extending logging capabilities of Zeek's default Modbus protocol parser 46 | 47 | ### License 48 | 49 | Copyright 2023 Battelle Energy Alliance, LLC. Released under the terms of the 3-Clause BSD License (see [`LICENSE.txt`](./LICENSE.txt)). 50 | --------------------------------------------------------------------------------