base/bif/plugins/Bro_DNP3.events.bif.bro

GLOBAL
Namespace:GLOBAL
Source File:/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro

Summary

Events

dnp3_analog_input_16wFlag: event Generated for DNP3 objects with the group number 30 and variation number 2 analog input 16 bit with flag
dnp3_analog_input_16woFlag: event Generated for DNP3 objects with the group number 30 and variation number 4 analog input 16 bit without flag
dnp3_analog_input_32wFlag: event Generated for DNP3 objects with the group number 30 and variation number 1 analog input 32 bit with flag
dnp3_analog_input_32woFlag: event Generated for DNP3 objects with the group number 30 and variation number 3 analog input 32 bit without flag
dnp3_analog_input_DPwFlag: event Generated for DNP3 objects with the group number 30 and variation number 6 analog input double precision, float point with flag
dnp3_analog_input_SPwFlag: event Generated for DNP3 objects with the group number 30 and variation number 5 analog input single precision, float point with flag
dnp3_analog_input_event_16wTime: event Generated for DNP3 objects with the group number 32 and variation number 4 analog input event 16 bit with time
dnp3_analog_input_event_16woTime: event Generated for DNP3 objects with the group number 32 and variation number 2 analog input event 16 bit without time
dnp3_analog_input_event_32wTime: event Generated for DNP3 objects with the group number 32 and variation number 3 analog input event 32 bit with time
dnp3_analog_input_event_32woTime: event Generated for DNP3 objects with the group number 32 and variation number 1 analog input event 32 bit without time
dnp3_analog_input_event_DPwTime: event Generated for DNP3 objects with the group number 32 and variation number 8 analog input event double-precisiion float point with time
dnp3_analog_input_event_DPwoTime: event Generated for DNP3 objects with the group number 32 and variation number 6 analog input event double-precision float point without time
dnp3_analog_input_event_SPwTime: event Generated for DNP3 objects with the group number 32 and variation number 7 analog input event single-precision float point with time
dnp3_analog_input_event_SPwoTime: event Generated for DNP3 objects with the group number 32 and variation number 5 analog input event single-precision float point without time
dnp3_application_request_header: event Generated for a DNP3 request header.
dnp3_application_response_header: event Generated for a DNP3 response header.
dnp3_attribute_common: event Generated for DNP3 attributes.
dnp3_counter_16wFlag: event Generated for DNP3 objects with the group number 20 and variation number 2 counter 16 bit with flag
dnp3_counter_16woFlag: event Generated for DNP3 objects with the group number 20 and variation number 6 counter 16 bit without flag
dnp3_counter_32wFlag: event Generated for DNP3 objects with the group number 20 and variation number 1 counter 32 bit with flag
dnp3_counter_32woFlag: event Generated for DNP3 objects with the group number 20 and variation number 5 counter 32 bit without flag
dnp3_crob: event Generated for DNP3 objects with the group number 12 and variation number 1 CROB: control relay output block
dnp3_debug_byte: event Debugging event generated by the DNP3 analyzer.
dnp3_file_transport: event g70
dnp3_frozen_analog_input_16wFlag: event Generated for DNP3 objects with the group number 31 and variation number 2 frozen analog input 16 bit with flag
dnp3_frozen_analog_input_16wTime: event Generated for DNP3 objects with the group number 31 and variation number 4 frozen analog input 16 bit with time-of-freeze
dnp3_frozen_analog_input_16woFlag: event Generated for DNP3 objects with the group number 31 and variation number 6 frozen analog input 16 bit without flag
dnp3_frozen_analog_input_32wFlag: event Generated for DNP3 objects with the group number 31 and variation number 1 frozen analog input 32 bit with flag
dnp3_frozen_analog_input_32wTime: event Generated for DNP3 objects with the group number 31 and variation number 3 frozen analog input 32 bit with time-of-freeze
dnp3_frozen_analog_input_32woFlag: event Generated for DNP3 objects with the group number 31 and variation number 5 frozen analog input 32 bit without flag
dnp3_frozen_analog_input_DPwFlag: event Generated for DNP3 objects with the group number 31 and variation number 8 frozen analog input double-precision, float point with flag
dnp3_frozen_analog_input_SPwFlag: event Generated for DNP3 objects with the group number 31 and variation number 7 frozen analog input single-precision, float point with flag
dnp3_frozen_analog_input_event_16wTime: event Generated for DNP3 objects with the group number 33 and variation number 4 frozen analog input event 16 bit with time
dnp3_frozen_analog_input_event_16woTime: event Generated for DNP3 objects with the group number 33 and variation number 2 frozen analog input event 16 bit without time
dnp3_frozen_analog_input_event_32wTime: event Generated for DNP3 objects with the group number 33 and variation number 3 frozen analog input event 32 bit with time
dnp3_frozen_analog_input_event_32woTime: event Generated for DNP3 objects with the group number 33 and variation number 1 frozen analog input event 32 bit without time
dnp3_frozen_analog_input_event_DPwTime: event Generated for DNP3 objects with the group number 34 and variation number 8 frozen analog input event double-precision float point with time
dnp3_frozen_analog_input_event_DPwoTime: event Generated for DNP3 objects with the group number 33 and variation number 6 frozen analog input event double-precision float point without time
dnp3_frozen_analog_input_event_SPwTime: event Generated for DNP3 objects with the group number 33 and variation number 7 frozen analog input event single-precision float point with time
dnp3_frozen_analog_input_event_SPwoTime: event Generated for DNP3 objects with the group number 33 and variation number 5 frozen analog input event single-precision float point without time
dnp3_frozen_counter_16wFlag: event Generated for DNP3 objects with the group number 21 and variation number 2 frozen counter 16 bit with flag
dnp3_frozen_counter_16wFlagTime: event Generated for DNP3 objects with the group number 21 and variation number 6 frozen counter 16 bit with flag and time
dnp3_frozen_counter_16woFlag: event Generated for DNP3 objects with the group number 21 and variation number 10 frozen counter 16 bit without flag
dnp3_frozen_counter_32wFlag: event Generated for DNP3 objects with the group number 21 and variation number 1 frozen counter 32 bit with flag
dnp3_frozen_counter_32wFlagTime: event Generated for DNP3 objects with the group number 21 and variation number 5 frozen counter 32 bit with flag and time
dnp3_frozen_counter_32woFlag: event Generated for DNP3 objects with the group number 21 and variation number 9 frozen counter 32 bit without flag
dnp3_header_block: event Generated for an additional header that the DNP3 analyzer passes to the script-level.
dnp3_object_header: event Generated for the object header found in both DNP3 requests and responses.
dnp3_object_prefix: event Generated for the prefix before a DNP3 object.
dnp3_pcb: event Generated for DNP3 objects with the group number 12 and variation number 2 PCB: Pattern Control Block
dnp3_response_data_object: event Generated for a DNP3 “Response_Data_Object”.

Detailed Interface

Events

dnp3_analog_input_16wFlag
Type:event (c: connection, is_orig: bool, flag: count, value: count)

Generated for DNP3 objects with the group number 30 and variation number 2 analog input 16 bit with flag

dnp3_analog_input_16woFlag
Type:event (c: connection, is_orig: bool, value: count)

Generated for DNP3 objects with the group number 30 and variation number 4 analog input 16 bit without flag

dnp3_analog_input_32wFlag
Type:event (c: connection, is_orig: bool, flag: count, value: count)

Generated for DNP3 objects with the group number 30 and variation number 1 analog input 32 bit with flag

dnp3_analog_input_32woFlag
Type:event (c: connection, is_orig: bool, value: count)

Generated for DNP3 objects with the group number 30 and variation number 3 analog input 32 bit without flag

dnp3_analog_input_DPwFlag
Type:event (c: connection, is_orig: bool, flag: count, value_low: count, value_high: count)

Generated for DNP3 objects with the group number 30 and variation number 6 analog input double precision, float point with flag

dnp3_analog_input_SPwFlag
Type:event (c: connection, is_orig: bool, flag: count, value: count)

Generated for DNP3 objects with the group number 30 and variation number 5 analog input single precision, float point with flag

dnp3_analog_input_event_16wTime
Type:event (c: connection, is_orig: bool, flag: count, value: count, time48: count)

Generated for DNP3 objects with the group number 32 and variation number 4 analog input event 16 bit with time

dnp3_analog_input_event_16woTime
Type:event (c: connection, is_orig: bool, flag: count, value: count)

Generated for DNP3 objects with the group number 32 and variation number 2 analog input event 16 bit without time

dnp3_analog_input_event_32wTime
Type:event (c: connection, is_orig: bool, flag: count, value: count, time48: count)

Generated for DNP3 objects with the group number 32 and variation number 3 analog input event 32 bit with time

dnp3_analog_input_event_32woTime
Type:event (c: connection, is_orig: bool, flag: count, value: count)

Generated for DNP3 objects with the group number 32 and variation number 1 analog input event 32 bit without time

dnp3_analog_input_event_DPwTime
Type:event (c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: count)

Generated for DNP3 objects with the group number 32 and variation number 8 analog input event double-precisiion float point with time

dnp3_analog_input_event_DPwoTime
Type:event (c: connection, is_orig: bool, flag: count, value_low: count, value_high: count)

Generated for DNP3 objects with the group number 32 and variation number 6 analog input event double-precision float point without time

dnp3_analog_input_event_SPwTime
Type:event (c: connection, is_orig: bool, flag: count, value: count, time48: count)

Generated for DNP3 objects with the group number 32 and variation number 7 analog input event single-precision float point with time

dnp3_analog_input_event_SPwoTime
Type:event (c: connection, is_orig: bool, flag: count, value: count)

Generated for DNP3 objects with the group number 32 and variation number 5 analog input event single-precision float point without time

dnp3_application_request_header
Type:event (c: connection, is_orig: bool, application: count, fc: count)

Generated for a DNP3 request header.

C:The connection the DNP3 communication is part of.
Is_orig:True if this reflects originator-side activity.
Fc:function code.
dnp3_application_response_header
Type:event (c: connection, is_orig: bool, application: count, fc: count, iin: count)

Generated for a DNP3 response header.

C:The connection the DNP3 communication is part of.
Is_orig:True if this reflects originator-side activity.
Fc:function code.
Iin:internal indication number.
dnp3_attribute_common
Type:event (c: connection, is_orig: bool, data_type_code: count, leng: count, attribute_obj: string)

Generated for DNP3 attributes.

dnp3_counter_16wFlag
Type:event (c: connection, is_orig: bool, flag: count, count_value: count)

Generated for DNP3 objects with the group number 20 and variation number 2 counter 16 bit with flag

dnp3_counter_16woFlag
Type:event (c: connection, is_orig: bool, count_value: count)

Generated for DNP3 objects with the group number 20 and variation number 6 counter 16 bit without flag

dnp3_counter_32wFlag
Type:event (c: connection, is_orig: bool, flag: count, count_value: count)

Generated for DNP3 objects with the group number 20 and variation number 1 counter 32 bit with flag

dnp3_counter_32woFlag
Type:event (c: connection, is_orig: bool, count_value: count)

Generated for DNP3 objects with the group number 20 and variation number 5 counter 32 bit without flag

dnp3_crob
Type:event (c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count)

Generated for DNP3 objects with the group number 12 and variation number 1

CROB:control relay output block
dnp3_debug_byte
Type:event (c: connection, is_orig: bool, debug: string)

Debugging event generated by the DNP3 analyzer. The “Debug_Byte” binpac unit generates this for unknown “cases”. The user can use it to debug the byte string to check what caused the malformed network packets.

dnp3_file_transport
Type:event (c: connection, is_orig: bool, file_handle: count, block_num: count, file_data: string)

g70

dnp3_frozen_analog_input_16wFlag
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count)

Generated for DNP3 objects with the group number 31 and variation number 2 frozen analog input 16 bit with flag

dnp3_frozen_analog_input_16wTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)

Generated for DNP3 objects with the group number 31 and variation number 4 frozen analog input 16 bit with time-of-freeze

dnp3_frozen_analog_input_16woFlag
Type:event (c: connection, is_orig: bool, frozen_value: count)

Generated for DNP3 objects with the group number 31 and variation number 6 frozen analog input 16 bit without flag

dnp3_frozen_analog_input_32wFlag
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count)

Generated for DNP3 objects with the group number 31 and variation number 1 frozen analog input 32 bit with flag

dnp3_frozen_analog_input_32wTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)

Generated for DNP3 objects with the group number 31 and variation number 3 frozen analog input 32 bit with time-of-freeze

dnp3_frozen_analog_input_32woFlag
Type:event (c: connection, is_orig: bool, frozen_value: count)

Generated for DNP3 objects with the group number 31 and variation number 5 frozen analog input 32 bit without flag

dnp3_frozen_analog_input_DPwFlag
Type:event (c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count)

Generated for DNP3 objects with the group number 31 and variation number 8 frozen analog input double-precision, float point with flag

dnp3_frozen_analog_input_SPwFlag
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count)

Generated for DNP3 objects with the group number 31 and variation number 7 frozen analog input single-precision, float point with flag

dnp3_frozen_analog_input_event_16wTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)

Generated for DNP3 objects with the group number 33 and variation number 4 frozen analog input event 16 bit with time

dnp3_frozen_analog_input_event_16woTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count)

Generated for DNP3 objects with the group number 33 and variation number 2 frozen analog input event 16 bit without time

dnp3_frozen_analog_input_event_32wTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)

Generated for DNP3 objects with the group number 33 and variation number 3 frozen analog input event 32 bit with time

dnp3_frozen_analog_input_event_32woTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count)

Generated for DNP3 objects with the group number 33 and variation number 1 frozen analog input event 32 bit without time

dnp3_frozen_analog_input_event_DPwTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count, time48: count)

Generated for DNP3 objects with the group number 34 and variation number 8 frozen analog input event double-precision float point with time

dnp3_frozen_analog_input_event_DPwoTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count)

Generated for DNP3 objects with the group number 33 and variation number 6 frozen analog input event double-precision float point without time

dnp3_frozen_analog_input_event_SPwTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)

Generated for DNP3 objects with the group number 33 and variation number 7 frozen analog input event single-precision float point with time

dnp3_frozen_analog_input_event_SPwoTime
Type:event (c: connection, is_orig: bool, flag: count, frozen_value: count)

Generated for DNP3 objects with the group number 33 and variation number 5 frozen analog input event single-precision float point without time

dnp3_frozen_counter_16wFlag
Type:event (c: connection, is_orig: bool, flag: count, count_value: count)

Generated for DNP3 objects with the group number 21 and variation number 2 frozen counter 16 bit with flag

dnp3_frozen_counter_16wFlagTime
Type:event (c: connection, is_orig: bool, flag: count, count_value: count, time48: count)

Generated for DNP3 objects with the group number 21 and variation number 6 frozen counter 16 bit with flag and time

dnp3_frozen_counter_16woFlag
Type:event (c: connection, is_orig: bool, count_value: count)

Generated for DNP3 objects with the group number 21 and variation number 10 frozen counter 16 bit without flag

dnp3_frozen_counter_32wFlag
Type:event (c: connection, is_orig: bool, flag: count, count_value: count)

Generated for DNP3 objects with the group number 21 and variation number 1 frozen counter 32 bit with flag

dnp3_frozen_counter_32wFlagTime
Type:event (c: connection, is_orig: bool, flag: count, count_value: count, time48: count)

Generated for DNP3 objects with the group number 21 and variation number 5 frozen counter 32 bit with flag and time

dnp3_frozen_counter_32woFlag
Type:event (c: connection, is_orig: bool, count_value: count)

Generated for DNP3 objects with the group number 21 and variation number 9 frozen counter 32 bit without flag

dnp3_header_block
Type:event (c: connection, is_orig: bool, start: count, len: count, ctrl: count, dest_addr: count, src_addr: count)

Generated for an additional header that the DNP3 analyzer passes to the script-level. This header mimics the DNP3 transport-layer yet is only passed once for each sequence of DNP3 records (which are otherwise reassembled and treated as a single entity).

C:The connection the DNP3 communication is part of.
Is_orig:True if this reflects originator-side activity.
Start:the first two bytes of the DNP3 Pseudo Link Layer; its value is fixed as 0x0564.
Len:the “length” field in the DNP3 Pseudo Link Layer.
Ctrl:the “control” field in the DNP3 Pseudo Link Layer.
Dest_addr:the “destination” field in the DNP3 Pseudo Link Layer.
Src_addr:the “source” field in the DNP3 Pseudo Link Layer.
dnp3_object_header
Type:event (c: connection, is_orig: bool, obj_type: count, qua_field: count, number: count, rf_low: count, rf_high: count)

Generated for the object header found in both DNP3 requests and responses.

C:The connection the DNP3 communication is part of.
Is_orig:True if this reflects originator-side activity.
Obj_type:type of object, which is classified based on an 8-bit group number and an 8-bit variation number.
Qua_field:qualifier field.
Number:TODO.
Rf_low:the structure of the range field depends on the qualified field. In some cases, the range field contains only one logic part, e.g., number of objects, so only rf_low contains useful values.
Rf_high:in some cases, the range field contains two logic parts, e.g., start index and stop index, so rf_low contains the start index while rf_high contains the stop index.
dnp3_object_prefix
Type:event (c: connection, is_orig: bool, prefix_value: count)

Generated for the prefix before a DNP3 object. The structure and the meaning of the prefix are defined by the qualifier field.

C:The connection the DNP3 communication is part of.
Is_orig:True if this reflects originator-side activity.
Prefix_value:The prefix.
dnp3_pcb
Type:event (c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count)

Generated for DNP3 objects with the group number 12 and variation number 2

PCB:Pattern Control Block
dnp3_response_data_object
Type:event (c: connection, is_orig: bool, data_value: count)

Generated for a DNP3 “Response_Data_Object”. The “Response_Data_Object” contains two parts: object prefix and object data. In most cases, object data are defined by new record types. But in a few cases, object data are directly basic types, such as int16, or int8; thus we use an additional data_value to record the values of those object data.

C:The connection the DNP3 communication is part of.
Is_orig:True if this reflects originator-side activity.
Data_value:The value for those objects that carry their information here directly.

Table of Contents

Next Page

base/bif/plugins/Bro_DNS.events.bif.bro

Previous Page

base/bif/plugins/Bro_DHCP.events.bif.bro

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.