## create-session-types.zeek
##
## OPCUA Binary Protocol Analyzer
##
## Zeek script type/record definitions describing the information
## that will be written to the log files.
##
## Author: Kent Kvarfordt
## Contact: [email protected]
##
## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved.
module ICSNPP_OPCUA_Binary;
export {
## Log record for the OPC UA CreateSession service. One record holds the
## request fields followed by the response fields. Only ts, uid, id and
## opcua_link_id are mandatory; every other field is &optional.
##
## NOTE(review): this record logs nonces, full certificates, the session id,
## the authentication token and the server signature as plain strings.
## Presumably the resulting log needs the same access control and retention
## handling as credential material -- confirm against site logging policy.
type OPCUA_Binary::CreateSession: record {
# Standard Zeek connection context: timestamp, connection uid and 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
opcua_link_id : string &log; # Id back into OPCUA_Binary::Info
#
# Request
#
application_uri : string &log &optional;
product_uri : string &log &optional;
# Application Name
# (encoding_mask, locale and text presumably form the localized
# application name -- confirm against the parser that fills them)
encoding_mask : count &log &optional;
locale : string &log &optional;
text : string &log &optional;
application_type : count &log &optional;
gateway_server_uri : string &log &optional;
discovery_profile_uri : string &log &optional;
discovery_profile_link_id : string &log &optional; # Id into OPCUA_Binary::CreateSessionDiscovery
server_uri : string &log &optional;
endpoint_url : string &log &optional;
session_name : string &log &optional;
# NOTE(review): the string encoding of the nonce (hex, base64, raw) is
# decided by the code that populates this record, which is not shown here.
client_nonce : string &log &optional;
# Client Certificate
client_cert_size : count &log &optional;
client_cert : string &log &optional;
req_session_timeout : count &log &optional;
max_res_msg_size : count &log &optional;
#
# Response
#
# Session Id
# One field per identifier form (numeric, string, guid, opaque); presumably
# only the form selected by the encoding mask is populated -- confirm.
session_id_encoding_mask : string &log &optional;
session_id_namespace_idx : count &log &optional;
session_id_numeric : count &log &optional;
session_id_string : string &log &optional;
session_id_guid : string &log &optional;
session_id_opaque : string &log &optional;
# Auth Token
# NOTE(review): these fields write the session authentication token to the
# log in clear. Presumably the value is only observable when the channel is
# not encrypted; either way, treat the log as sensitive -- confirm.
auth_token_encoding_mask : string &log &optional;
auth_token_namespace_idx : count &log &optional;
auth_token_numeric : count &log &optional;
auth_token_string : string &log &optional;
auth_token_guid : string &log &optional;
auth_token_opaque : string &log &optional;
revised_session_timeout : count &log &optional;
server_nonce : string &log &optional;
# Server Certificate
server_cert_size : count &log &optional;
server_cert : string &log &optional;
endpoint_link_id : string &log &optional; # Id into OPCUA_Binary::CreateSessionEndpoints
#
# From Table 15 - CreateSession Service Parameters: Response
#
# Description: serverSoftwareCertificates:
#
# This parameter is deprecated and the array shall be empty. Note: Based on sample
# packet capture data, the server_software_cert_size is present, but always set to -1.
# For this reason, we parse it, but do not log it.
#
# server_software_cert_size : int32;
# server_software_cert : SignedSoftwareCertificate
# Server Signature Data
algorithm : string &log &optional;
signature : string &log &optional;
# Max Request Message Size
max_req_msg_size : count &log &optional;
};
## Log record for discovery profile entries tied to a CreateSession record
## through discovery_profile_link_id. Every field is mandatory (none is
## marked &optional).
##
## NOTE(review): the URI and URL values presumably come straight from the
## wire; consumers of this log should treat them as untrusted text -- confirm.
type OPCUA_Binary::CreateSessionDiscovery: record {
# Standard Zeek connection context: timestamp, connection uid and 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
discovery_profile_link_id : string &log; # Id back into OPCUA_Binary::CreateSession
discovery_profile_uri : string &log;
discovery_profile_url : string &log;
};
## Log record for an endpoint description tied to a CreateSession record
## through endpoint_link_id. Connection context, endpoint_link_id and
## endpoint_url are mandatory; all other fields are &optional.
type OPCUA_Binary::CreateSessionEndpoints: record {
# Standard Zeek connection context: timestamp, connection uid and 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
endpoint_link_id : string &log; # Id back into OPCUA_Binary::CreateSession
endpoint_url : string &log;
application_uri : string &log &optional;
product_uri : string &log &optional;
# encoding_mask, locale and text mirror the "Application Name" group of
# OPCUA_Binary::CreateSession (same names and types).
encoding_mask : count &log &optional;
locale : string &log &optional;
text : string &log &optional;
application_type : count &log &optional;
gateway_server_uri : string &log &optional;
discovery_profile_uri : string &log &optional;
discovery_profile_link_id : string &log &optional;
# Note the naming: cert_size has no "server_" prefix although it sits next
# to server_cert; presumably it is that certificate's length -- confirm.
cert_size : count &log &optional;
server_cert : string &log &optional;
# NOTE(review): message_security_mode and security_level are logged as raw
# counts and security_policy_uri as a string; the mapping to named modes is
# not defined in this file. Presumably these are the fields to query when
# looking for endpoints advertised without message security -- confirm the
# numeric values against the OPC UA MessageSecurityMode enumeration.
message_security_mode : count &log &optional;
security_policy_uri : string &log &optional;
user_token_link_id : string &log &optional; # Id into OPCUA_Binary::CreateSessionUserToken
transport_profile_uri : string &log &optional;
security_level : count &log &optional;
};
## Log record for a user token policy tied to a CreateSessionEndpoints record
## through user_token_link_id. The policy id and token type are mandatory;
## the issued type, endpoint URL and security policy URI are &optional.
type OPCUA_Binary::CreateSessionUserToken: record {
# Standard Zeek connection context: timestamp, connection uid and 4-tuple.
ts : time &log;
uid : string &log;
id : conn_id &log;
user_token_link_id : string &log; # Id back into OPCUA_Binary::CreateSessionEndpoints
user_token_policy_id : string &log;
# NOTE(review): logged as a raw count; presumably the OPC UA UserTokenType
# enumeration value -- the mapping to names is not defined in this file.
user_token_type : count &log;
user_token_issued_type : string &log &optional;
user_token_endpoint_url : string &log &optional;
# NOTE(review): presumably names the security policy applied to the user
# token itself; an absent value may mean the endpoint's policy applies --
# confirm before using it in detection logic.
user_token_sec_policy_uri : string &log &optional;
};
}