forked from cisagov/icsnpp-opcua-binary
-
Notifications
You must be signed in to change notification settings - Fork 0
/
types.zeek
77 lines (69 loc) · 3.43 KB
/
types.zeek
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
## types.zeek
##
## OPCUA Binary Protocol Analyzer
##
## Zeek script type/record definitions describing the information
## that will be written to the log files.
##
## Author: Kent Kvarfordt
## Contact: [email protected]
##
## Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved.
module ICSNPP_OPCUA_Binary;
export {
type OPCUA_Binary::Info: record {
ts : time &log;
uid : string &log;
id : conn_id &log;
# Msg Header
opcua_link_id : string &log;
msg_type : string &log;
is_final : string &log;
msg_size : count &log;
# Msg_ERR
error : count &log &optional;
reason : string &log &optional;
# Msg_HEL and Msg_ACK
version : count &log &optional;
rcv_buf_size : count &log &optional;
snd_buf_size : count &log &optional;
max_msg_size : count &log &optional;
max_chunk_cnt : count &log &optional;
endpoint_url : string &log &optional;
# Msg Body
sec_channel_id : count &log &optional;
sec_policy_uri_len : int &log &optional;
sec_policy_uri : string &log &optional;
snd_cert_len : int &log &optional;
snd_cert : string &log &optional;
rcv_cert_len : int &log &optional;
rcv_cert : string &log &optional;
seq_number : count &log &optional;
request_id : count &log &optional;
encoding_mask : count &log &optional;
namespace_idx : count &log &optional;
identifier : count &log &optional;
identifier_str : string &log &optional;
# Request Header
req_hdr_node_id_type : string &log &optional;
req_hdr_node_id_namespace_idx : count &log &optional;
req_hdr_node_id_numeric : count &log &optional;
req_hdr_node_id_string : string &log &optional;
req_hdr_node_id_guid : string &log &optional;
req_hdr_node_id_opaque : string &log &optional;
req_hdr_timestamp : time &log &optional;
req_hdr_request_handle : count &log &optional;
req_hdr_return_diag : count &log &optional;
req_hdr_audit_entry_id : string &log &optional;
req_hdr_timeout_hint : count &log &optional;
req_hdr_add_hdr_type_id : count &log &optional;
req_hdr_add_hdr_enc_mask : count &log &optional;
# Response Header
res_hdr_timestamp : time &log &optional;
res_hdr_request_handle : count &log &optional;
status_code_link_id : string &log &optional; # Link into StatusCodeDetail log
res_hdr_service_diag_encoding : count &log &optional;
res_hdr_add_hdr_type_id : count &log &optional;
res_hdr_add_hdr_enc_mask : count &log &optional;
};
}