<div dir="ltr">Hi Blake,<div><br></div><div>Thank you so much for reaching out to the list. YES, please open these through our package manager. We would be delighted, but more importantly, the community of Zeek users will be. </div><div><br></div><div>Thank you and your team for extending the capabilities of Zeek.</div><div><br></div><div>I'll be reaching out off-list to set up some time to meet with you and your colleagues at ZeekWeek. </div><div><br></div><div>Please let me know if you have any questions.</div><div><br></div><div>~Amber</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 30, 2019 at 3:50 PM Johnson, Blake <<a href="mailto:joblake@amazon.com">joblake@amazon.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Team -<br>
<br>
As part of our work on the Customer Fulfillment Technology Security team at Amazon.com we've developed a set of protocol parsers for industrial control systems devices that we use in our production Zeek deployment. At this stage we're approved to release several of them as open source and would like to understand both if the Zeek team would be interested in taking these as contributions to upstream and, if you are, how best to coordinate the process of merging the contributions in. The five plugins we're approved to share now are:<br>
<br>
* BACnet<br>
* Ethernet/IP & Common Industrial Protocol (one plugin)<br>
* Profinet<br>
* S7comm<br>
* MS-TDS Tabular Data Stream Protocol (not strictly ICS but used by some SCADA historians)<br>
<br>
If the team is interested in this upstream we can submit as pull requests on GitHub, for example as one pull request per plugin, or via another workflow. If they're not a fit for upstream we can pursue an independent release. I'm really excited to make this available to the community either way! The two main authors, my colleague Tri and myself, will be at ZeekWeek here in Seattle next month to discuss these and a few others we have coming down the pipe.<br>
<br>
Let us know what works,<br>
<br>
Blake Johnson<br>
Security Engineer<br>
Control Systems Security<br>
Amazon.com<br>
<br>
_______________________________________________<br>
zeek-dev mailing list<br>
<a href="mailto:zeek-dev@zeek.org" target="_blank">zeek-dev@zeek.org</a><br>
<a href="http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev" rel="noreferrer" target="_blank">http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><br></div><div><b>Amber Graner</b><br></div><div dir="ltr"><div>Director of Community</div><div>Corelight, Inc</div><div><br></div><div>828.582.9469</div><div> <img src="https://docs.google.com/uc?export=download&id=1MTXJBi1xPM2qKl8UcodvN_SWzhbVGMfK&revid=0B0wAXWxdbUhfbm11UXB3ckxPSGcyT1ZFUnlSWXdLaTMra0JFPQ"> <img src="https://drive.google.com/a/corelight.com/uc?id=1OQSHTl-835fsFWfOGYlml2dPsvY5k9Bk&export=download" width="96" height="39"><br></div><div><br></div><div> * Ask me about how you can participate in the Zeek (formerly Bro) community.</div><div> * Remember - ZEEK AND YOU SHALL FIND!!</div><div><br></div><div><br></div></div></div></div></div></div>