Skip to content

Instantly share code, notes, and snippets.

@jasonish

jasonish/eve-dnp3.json

Last active August 29, 2015 14:21
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jasonish/71d4df870977b68c5db9 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jasonish/71d4df870977b68c5db9 to your computer and use it in GitHub Desktop.
Download ZIP
Sample DNP3 transaction logging
Raw
eve-dnp3.json
{
"dnp3": {
"iin": {
"indicators": [
"device_restart",
"class_2_events",
"class_1_events"
],
"value": 34304
},
"application": {
"objects": [
{
"variation": 1,
"group": 1
}
],
"function_code": 129,
"control": {
"sequence": 13,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 205
}
},
"transport": {
"sequence": 25,
"fir": true,
"fin": true,
"value": 217
},
"dst": 1,
"src": 1,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": false,
"value": 68
},
"type": "response"
},
"proto": "TCP",
"timestamp": "2015-04-01T14:54:12.641750-0600",
"flow_id": 106790066891968,
"pcap_cnt": 4888,
"event_type": "dnp3",
"src_ip": "192.168.9.102",
"src_port": 50600,
"dest_ip": "192.168.2.100",
"dest_port": 20000
}
{
"alert": {
"tx_id": 1104,
"severity": 3,
"category": "",
"signature": "DNP3 Sample internal indicators match",
"rev": 1,
"signature_id": 2,
"gid": 1,
"action": "allowed"
},
"timestamp": "2015-04-01T14:54:12.641750-0600",
"flow_id": 106790066891968,
"event_type": "alert",
"src_ip": "192.168.2.100",
"src_port": 20000,
"dest_ip": "192.168.9.102",
"dest_port": 50600,
"proto": "TCP"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment