forked from cisagov/ACID
zkg.meta
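# zkg.meta: package metadata read by the Zeek package manager (zkg).
# Multi-line values continue on indented lines; a continuation line that
# starts in column 0 would be parsed as a new key or rejected.
[package]
script_dir = scripts
summary = ACID is a collection of OT protocol indicator scripts focused on ATT&CK for ICS behaviors.
tags = ics, OT, attack, ATT&CK, mitre, cisa, OT protocol, detection, notices, input, logging, CIP, S7comm, bacnet, icsnpp
credits = Jake Steele <[email protected]>, Jack Cyprus <[email protected]>, Otis Alexander <[email protected]>
description = ATT&CK-based Control-system Indicator Detection (ACID) is a collection of Zeek scripts designed to detect
	ATT&CK for ICS behaviors on OT protocols. These events are reported through the Zeek Notice framework.
# One dependency per line: a package name or git URL followed by a version
# requirement. URL dependencies are retrieved with git, so they use https://
# to give the fetch transport integrity; a cleartext http:// URL leaves the
# code that gets installed on the sensor open to tampering in transit.
# NOTE(review): "*" accepts any version of a dependency. Consider pinning
# each parser to a reviewed release tag so an upstream change is not pulled
# in without review.
depends =
	zeek >=4.0.0
	https://github.com/cisagov/icsnpp-bacnet *
	https://github.com/cisagov/icsnpp-enip *
	https://github.com/cisagov/icsnpp-s7comm *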
# Records the zkg package template this package was generated from.
# NOTE(review): presumably maintained by the zkg template tooling rather
# than edited by hand - confirm before changing.
[template]
# Template repository URL (fetched over HTTPS).
source = https://github.com/zeek/package-template
# Template release used to generate the package.
version = v3.1.0
# zkg release recorded alongside the template version.
zkg_version = 2.13.0
# Values supplied for the template's variables.
[template_vars]
# Package name.
name = ACID
# NOTE(review): presumably the Zeek script namespace used by the generated
# scripts - confirm against the scripts directory.
namespace = MITRE