##! get-endpoints-types.zeek
##!
##! OPCUA Binary Protocol Analyzer
##!
##! Zeek script type/record definitions describing the information
##! that will be written to the log files.
##!
##! Author: Kent Kvarfordt
##! Contact: [email protected]
##!
##! Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved.
module ICSNPP_OPCUA_Binary;
export {
# Parent log record for the OPC UA GetEndpoints service (per the type name).
# The three optional *_link_id fields are join keys into the child records
# named in their comments; a row that has no such child data leaves them unset.
# NOTE(review): string fields such as endpoint_url are presumably copied from
# the wire as-is; log consumers should treat them as untrusted input - confirm
# what sanitisation, if any, the analyzer applies before logging.
type OPCUA_Binary::GetEndpoints: record {
# ts/uid/id follow the usual Zeek log layout: presumably event time, connection
# uid, and the connection 4-tuple (conn_id is Zeek's built-in orig/resp record).
ts : time &log;
uid : string &log;
id : conn_id &log;
# presumably true when the logged message was sent by the connection
# originator - TODO confirm against the event handlers that fill this record
is_orig : bool &log;
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
opcua_link_id : string &log; # Link back into OPCUA_Binary::Info
# Not &optional, so the code that fills this record must always set it.
endpoint_url : string &log;
locale_link_id : string &log &optional; # Link into OPCUA_Binary::GetEndpointsLocaleId
profile_uri_link_id : string &log &optional; # Link into OPCUA_Binary::GetEndpointsProfileUri
endpoint_description_link_id : string &log &optional; # Link into OPCUA_Binary::GetEndpointsDescription
};
# Child log record holding one endpoint description, joined to its parent
# GetEndpoints row through endpoint_description_link_id. This is the record
# that carries the security posture an endpoint advertises (security mode,
# security policy, certificate, security level), so it is the one to query
# when auditing for weakly protected OPC UA endpoints.
# NOTE(review): the enum values quoted below come from the OPC UA
# specification; that the analyzer logs the raw numeric values is an
# assumption - confirm against the parser.
type OPCUA_Binary::GetEndpointsDescription: record {
# ts/uid/id follow the usual Zeek log layout: presumably event time, connection
# uid, and the connection 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
is_orig : bool &log; # presumably true when sent by the connection originator - TODO confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
endpoint_description_link_id : string &log; # Link back into OPCUA_Binary::GetEndpoints
endpoint_uri : string &log &optional;
# OpcUA_ApplicationDescription
application_uri : string &log &optional;
product_uri : string &log &optional;
# encoding_mask/locale/text presumably hold the application name as an
# OPC UA LocalizedText (mask, locale, text) - TODO confirm
encoding_mask : count &log &optional;
locale : string &log &optional;
text : string &log &optional;
# presumably the OPC UA ApplicationType enum
# (spec: 0 = Server, 1 = Client, 2 = ClientAndServer, 3 = DiscoveryServer)
application_type : count &log &optional;
gateway_server_uri : string &log &optional;
discovery_profile_uri : string &log &optional;
# OpcUA_ApplicationDescription array of OpcUA_String
discovery_profile_link_id : string &log &optional; # Link into OPCUA_Binary::GetEndpointsDiscovery
# OpcUA_ApplicationInstanceCertificate
# cert_size is presumably the byte length of server_cert; the encoding of
# server_cert in the log (raw bytes vs. hex/base64) is not visible here.
cert_size : count &log &optional;
server_cert : string &log &optional;
# presumably the OPC UA MessageSecurityMode enum
# (spec: 0 = Invalid, 1 = None, 2 = Sign, 3 = SignAndEncrypt).
# Mode None means messages are neither signed nor encrypted.
message_security_mode : count &log &optional;
# URI of the advertised security policy; in the OPC UA spec the policy
# "http://opcfoundation.org/UA/SecurityPolicy#None" applies no protection.
security_policy_uri : string &log &optional;
# Array of OpcUA_UserTokenPolicy
user_token_link_id : string &log &optional; # Link into OPCUA_Binary::GetEndpointsUserToken
transport_profile_uri : string &log &optional;
# Per the OPC UA spec this is a server-assigned relative ranking of its own
# endpoints (higher is more secure; 0 marks an endpoint kept only for
# backward compatibility). It is self-reported, not a measured property.
security_level : count &log &optional;
};
# Child log record for one discovery profile URL, joined to its
# GetEndpointsDescription row through discovery_profile_link_id.
# Presumably one row per element of the description's discovery-URL array.
# NOTE(review): discovery_profile_url is presumably taken from the wire;
# treat it as untrusted when it is rendered or followed downstream.
type OPCUA_Binary::GetEndpointsDiscovery: record {
# ts/uid/id follow the usual Zeek log layout: presumably event time, connection
# uid, and the connection 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
is_orig : bool &log; # presumably true when sent by the connection originator - TODO confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
discovery_profile_link_id : string &log; # Link back into OPCUA_Binary::GetEndpointsDescription
discovery_profile_url : string &log;
};
# Child log record for one user token policy advertised by an endpoint,
# joined to its GetEndpointsDescription row through user_token_link_id.
# It shows which user authentication methods an endpoint offers, which makes
# it the place to look for endpoints that still accept anonymous sessions.
type OPCUA_Binary::GetEndpointsUserToken: record {
# ts/uid/id follow the usual Zeek log layout: presumably event time, connection
# uid, and the connection 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
is_orig : bool &log; # presumably true when sent by the connection originator - TODO confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
user_token_link_id : string &log; # Link back into OPCUA_Binary::GetEndpointsDescription
user_token_policy_id : string &log;
# presumably the OPC UA UserTokenType enum
# (spec: 0 = Anonymous, 1 = UserName, 2 = Certificate, 3 = IssuedToken) -
# confirm that the analyzer logs the raw value.
user_token_type : count &log;
user_token_issued_type : string &log &optional;
user_token_endpoint_url : string &log &optional;
# presumably the security policy used to protect the user identity token;
# how an unset value should be interpreted is not shown here - TODO confirm
user_token_sec_policy_uri : string &log &optional;
};
# Child log record for one locale id, joined to its parent GetEndpoints row
# through locale_link_id. Presumably one row per locale id listed in the
# GetEndpoints message - TODO confirm against the code that fills it.
type OPCUA_Binary::GetEndpointsLocaleId: record {
# ts/uid/id follow the usual Zeek log layout: presumably event time, connection
# uid, and the connection 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
is_orig : bool &log; # presumably true when sent by the connection originator - TODO confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
locale_link_id : string &log; # Link back into OPCUA_Binary::GetEndpoints
locale_id : string &log; # presumably copied from the wire; treat as untrusted text
};
# Child log record for one profile URI, joined to its parent GetEndpoints row
# through profile_uri_link_id. Presumably one row per profile URI listed in
# the GetEndpoints message - TODO confirm against the code that fills it.
type OPCUA_Binary::GetEndpointsProfileUri: record {
# ts/uid/id follow the usual Zeek log layout: presumably event time, connection
# uid, and the connection 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
is_orig : bool &log; # presumably true when sent by the connection originator - TODO confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
profile_uri_link_id : string &log; # Link back into OPCUA_Binary::GetEndpoints
profile_uri : string &log; # presumably copied from the wire; treat as untrusted text
};
}