The goal is to develop and share parsers for OT protocols in Zeek.
There are several ways to contribute:
- Report errors (and fixes if possible)
- Provide useful enhancements or new parsers
To test a parser, a corresponding pcap is required.
Industrial Control Systems protocol parser plugins for the Zeek network security monitoring framework, written in Spicy. The following parsers are currently provided in this repository:
Navigate to the specific protocol folder for a README describing the implemented functions and metadata.
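Since every parser is tested against a matching pcap, the following script is an added example of such a regression check; it is not part of this repository. It assumes that the parser is loaded through a Zeek script or package name passed as the second argument and that it writes a log whose file name is passed as the third argument (a hypothetical name such as `myproto.log`); `zeek -C -r` and the `#`-prefixed Zeek log header lines are standard Zeek behaviour.

```sh
#!/bin/sh
# Added example (not from this repository): run one parser against a pcap
# and confirm that it produced the expected log with at least one record.
#
# Assumptions: $2 is a Zeek script/package that loads the parser, $3 is the
# name of the log the parser writes (hypothetical, e.g. "myproto.log").

# Return 0 if the file starts with a libpcap or pcapng magic number.
# Lab captures are sometimes saved as pcapng or are truncated; checking the
# magic first avoids blaming the parser for a bad input file.
is_pcap() {
    f=$1
    [ -r "$f" ] || return 1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Count data records in a Zeek TSV log: every line that is not one of the
# "#separator", "#fields", "#types", "#close" ... header lines.
count_log_records() {
    awk '!/^#/ { n++ } END { print n + 0 }' "$1"
}

# Run Zeek on the pcap with the parser loaded, inside a scratch directory so
# the generated logs do not mix with anything else. -C ignores bad checksums,
# which are common in captures taken on the sensor host itself.
run_parser_test() {
    pcap=$1; loader=$2; logname=$3
    case "$pcap" in /*) ;; *) pcap=$PWD/$pcap ;; esac
    is_pcap "$pcap" || { echo "not a pcap/pcapng file: $pcap" >&2; return 2; }
    command -v zeek >/dev/null 2>&1 || { echo "zeek not found in PATH" >&2; return 3; }
    work=$(mktemp -d)
    ( cd "$work" && zeek -C -r "$pcap" "$loader" ) || { rm -rf "$work"; return 4; }
    if [ ! -f "$work/$logname" ]; then
        echo "parser produced no $logname" >&2; rm -rf "$work"; return 5
    fi
    n=$(count_log_records "$work/$logname")
    echo "$logname: $n record(s)"
    rm -rf "$work"
    [ "$n" -gt 0 ]
}

# Usage: sh check_parser.sh capture.pcap <package-or-script> <log name>
[ $# -eq 3 ] && run_parser_test "$1" "$2" "$3"
```

A non-zero exit code tells a CI job exactly which step failed: bad input file, Zeek missing, Zeek error, log not written, or log written but empty (the parser loaded but never matched the traffic, which is the case to look at first when a parser is run against a plant capture that differs from the lab traffic it was developed on).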
The parsers were developed in an IT/OT lab environment using real, captured network traffic. Remember that your live plant and network traffic may differ from our tested cases due to a lack of reliable network data, which might result in unexpected behavior of the parsers. In such a case we encourage you to participate in our cause by improving the given parsers.
The software was developed on behalf of the BSI (Federal Office for Information Security).
Copyright (c) 2023 by DINA-Community. BSD 3-Clause License, see License.