[Zeek-Dev] Additional Industrial Control Systems Protocols

Amber Graner akgraner at corelight.com
Mon Sep 30 17:45:30 PDT 2019

Hi Blake,

Thank you so much for reaching out to the list.  YES, please open these
through our package manager.  We would be delighted, but more importantly,
the community of Zeek users will be.

Thank you and your team for extending the capabilities of Zeek.

I'll be reaching out off-list to set up some time to meet with you and your
colleagues at ZeekWeek.

Please let me know if you have any questions.


On Mon, Sep 30, 2019 at 3:50 PM Johnson, Blake <joblake at amazon.com> wrote:

> Hi Team -
> As part of our work on the Customer Fulfillment Technology Security team
> at Amazon.com we've developed a set of protocol parsers for industrial
> control systems devices that we use in our production Zeek deployment. At
> this stage we're approved to release several of them as open source and
> would like to understand both if the Zeek team would be interested in
> taking these as contributions to upstream and, if you are, how best to
> coordinate the process of merging the contributions in. The five plugins
> we're approved to share now are:
> * BACnet
> * Ethernet/IP & Common Industrial Protocol (one plugin)
> * Profinet
> * S7comm
> * MS-TDS Tabular Data Stream Protocol (not strictly ICS but used by some
> SCADA historians)
> If the team is interested in this upstream we can submit as pull requests
> on GitHub, for example as one pull request per plugin, or via another
> workflow. If they're not a fit for upstream we can pursue an independent
> release. I'm really excited to make this available to the community either
> way!  The two main authors, my colleague Tri and myself, will be at
> ZeekWeek here in Seattle next month to discuss these and a few others we
> have coming down the pipe.
> Let us know what works,
> Blake Johnson
> Security Engineer
> Control Systems Security
> Amazon.com


*Amber Graner*
Director of Community
Corelight, Inc


 * Ask me about how you can participate in the Zeek (formerly Bro)