browse-types.zeek
##! create-browse_view-types.zeek
##!
##! OPCUA Binary Protocol Analyzer
##!
##! Zeek script type/record definitions describing the information
##! that will be written to the log files.
##!
##! Author: Melanie Pierce
##! Contact: [email protected]
##!
##! Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved.
module ICSNPP_OPCUA_Binary;
export {
# Log record for OPC UA browse traffic. Judging by the field names it covers
# both Browse and BrowseNext messages (see browse_service_type, browse_next_*).
# Every field is written to the log (&log); &optional fields may be unset.
# The *_link_id fields are join keys into the records named in their comments.
# NOTE(review): the string fields are presumably copied from the parsed OPC UA
# message and are therefore peer-controlled; consumers of this log should
# treat them as untrusted data. Confirm against the code that fills the record.
type OPCUA_Binary::Browse: record {
ts : time &log; # Timestamp of the log entry
uid : string &log; # Zeek connection UID
id : conn_id &log; # Connection 4-tuple (originator/responder address and port)
is_orig : bool &log; # presumably T when the message came from the connection originator; confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
opcua_link_id : string &log; # Id back into OPCUA_Binary::Info
browse_service_type : string &log &optional;
# View NodeId, one field per identifier kind (numeric/string/guid/opaque).
# Presumably only the kind selected by the encoding mask is set; confirm.
browse_view_id_encoding_mask : string &log &optional;
browse_view_id_namespace_idx : count &log &optional;
browse_view_id_numeric : count &log &optional;
browse_view_id_string : string &log &optional;
browse_view_id_guid : string &log &optional;
browse_view_id_opaque : string &log &optional;
browse_view_description_timestamp : time &log &optional;
browse_view_description_view_version : count &log &optional;
req_max_ref_nodes : count &log &optional; # presumably the requested maximum references per node; confirm
browse_description_link_id : string &log &optional; # Id into OPCUA_Binary::BrowseDescription
browse_next_release_continuation_point : bool &log &optional;
browse_next_link_id : string &log &optional; # Id into OPCUA_Binary::BrowseRequestContinuationPoint
browse_response_link_id : string &log &optional; # Id into OPCUA_Binary::BrowseResult
browse_diag_info_link_id : string &log &optional; # Id into OPCUA_Binary::DiagnosticInfoDetail log
};
# Log record for one browse description, joined to OPCUA_Binary::Browse through
# browse_description_link_id. Every field is logged (&log); &optional fields
# may be unset.
# NOTE(review): the values are presumably taken from the request as sent by the
# client, so the string fields are peer-controlled; treat them as untrusted in
# downstream tooling. Confirm against the code that fills the record.
type OPCUA_Binary::BrowseDescription: record {
ts : time &log; # Timestamp of the log entry
uid : string &log; # Zeek connection UID
id : conn_id &log; # Connection 4-tuple (originator/responder address and port)
is_orig : bool &log; # presumably T when the message came from the connection originator; confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
browse_description_link_id : string &log; # Id back into OPCUA_Binary::Browse
# NodeId of the browse description, one field per identifier kind.
# Presumably only the kind selected by the encoding mask is set; confirm.
browse_description_encoding_mask : string &log &optional;
browse_description_namespace_idx : count &log &optional;
browse_description_numeric : count &log &optional;
browse_description_string : string &log &optional;
browse_description_guid : string &log &optional;
browse_description_opaque : string &log &optional;
browse_direction : string &log &optional;
# Second NodeId group ("ref"); presumably the reference type to follow; confirm.
browse_description_ref_encoding_mask : string &log &optional;
browse_description_ref_namespace_idx : count &log &optional;
browse_description_ref_numeric : count &log &optional;
browse_description_ref_string : string &log &optional;
browse_description_ref_guid : string &log &optional;
browse_description_ref_opaque : string &log &optional;
browse_description_include_subtypes : bool &log &optional;
browse_node_class_mask : string &log &optional; # mask logged as a string, not as a count
browse_result_mask : string &log &optional; # mask logged as a string, not as a count
};
# Log record for one continuation point carried in a browse request, joined to
# OPCUA_Binary::Browse through browse_next_link_id. Every field is logged.
# NOTE(review): continuation_point is presumably an opaque value echoed from
# the wire; log consumers should handle it as untrusted bytes and not assume
# any format. Confirm how the analyzer encodes it into a string.
type OPCUA_Binary::BrowseRequestContinuationPoint: record {
ts : time &log; # Timestamp of the log entry
uid : string &log; # Zeek connection UID
id : conn_id &log; # Connection 4-tuple (originator/responder address and port)
is_orig : bool &log; # presumably T when the message came from the connection originator; confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
browse_next_link_id : string &log; # Id back into OPCUA_Binary::Browse
continuation_point : string &log &optional; # may be unset (&optional)
};
# Log record for one browse result, joined to OPCUA_Binary::Browse through
# browse_response_link_id. It links onward to the status-code detail and to the
# per-reference records. Every field is logged; &optional fields may be unset.
type OPCUA_Binary::BrowseResult: record {
ts : time &log; # Timestamp of the log entry
uid : string &log; # Zeek connection UID
id : conn_id &log; # Connection 4-tuple (originator/responder address and port)
is_orig : bool &log; # presumably T when the message came from the connection originator; confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
browse_response_link_id : string &log; # Id back into OPCUA_Binary::Browse
status_code_link_id : string &log &optional; # Id into OPCUA_Binary::StatusCodeDetail log
# NOTE(review): presumably an opaque value taken from the response; treat as
# untrusted data in log consumers and confirm its string encoding.
browse_result_continuation_point : string &log &optional;
browse_reference_link_id : string &log &optional; # Id into OPCUA_Binary::BrowseReference log
};
# Log record for one reference returned in a browse result, joined to
# OPCUA_Binary::BrowseResult through browse_reference_link_id. Every field is
# logged (&log); everything after the link id is &optional and may be unset.
# NOTE(review): the name, display-name, namespace-URI and *_string fields are
# presumably free text supplied by the responding server; log consumers should
# treat them as untrusted (escape before rendering, do not parse as trusted
# identifiers). Confirm against the code that fills the record.
type OPCUA_Binary::BrowseReference: record {
ts : time &log; # Timestamp of the log entry
uid : string &log; # Zeek connection UID
id : conn_id &log; # Connection 4-tuple (originator/responder address and port)
is_orig : bool &log; # presumably T when the message came from the connection originator; confirm
source_h : addr &log; # Source IP Address
source_p : port &log; # Source Port
destination_h : addr &log; # Destination IP Address
destination_p : port &log; # Destination Port
browse_reference_link_id : string &log; # Id back into OPCUA_Binary::BrowseResult
# First NodeId group ("ref"), one field per identifier kind.
# Presumably only the kind selected by the encoding mask is set; confirm.
browse_response_ref_encoding_mask : string &log &optional;
browse_response_ref_namespace_idx : count &log &optional;
browse_response_ref_numeric : count &log &optional;
browse_response_ref_string : string &log &optional;
browse_response_ref_guid : string &log &optional;
browse_response_ref_opaque : string &log &optional;
browse_response_is_forward : bool &log &optional;
# Second NodeId group ("ref_type"); unlike the first group it also has
# namespace_uri and server_idx fields.
browse_response_ref_type_encoding_mask : string &log &optional;
browse_response_ref_type_namespace_idx : count &log &optional;
browse_response_ref_type_numeric : count &log &optional;
browse_response_ref_type_string : string &log &optional;
browse_response_ref_type_guid : string &log &optional;
browse_response_ref_type_opaque : string &log &optional;
browse_response_ref_type_namespace_uri : string &log &optional;
browse_response_ref_type_server_idx : count &log &optional;
# Name of the reference: an index plus the name text.
browse_response_ref_name_idx : count &log &optional;
browse_response_ref_name : string &log &optional;
# Display name: mask, locale and text.
browse_response_display_name_mask : string &log &optional;
browse_response_display_name_locale : string &log &optional;
browse_response_display_name_text : string &log &optional;
browse_response_node_class : string &log &optional;
# Third NodeId group ("type_def"), also with namespace_uri and server_idx.
browse_response_type_def_encoding_mask : string &log &optional;
browse_response_type_def_namespace_idx : count &log &optional;
browse_response_type_def_numeric : count &log &optional;
browse_response_type_def_string : string &log &optional;
browse_response_type_def_guid : string &log &optional;
browse_response_type_def_opaque : string &log &optional;
browse_response_type_def_namespace_uri : string &log &optional;
browse_response_type_def_server_idx : count &log &optional;
};
}