Updates to ICSNPP log files #226
Assignees
Labels
enhancement
New feature or request
external
Depends on a bug or feature external to this project
ics
Relating to ICS (Industrial Control Systems) devices
zeek
Relating to Malcolm's use of Zeek
Milestone
Comments
Kleinspider
added
enhancement
mmguero
added
ics
This was referenced Aug 14, 2023
Merged
mmguero
added a commit
that referenced
this issue
Aug 15, 2023
Malcolm v23.08.0 is a minor release with a few improvements, bug fixes and component updates. v23.07.1...v23.08.0 * Features and enhancements + Rewrote the [Network Traffic Artifact Upload](https://idaholab.github.io/Malcolm/docs/upload.html#Upload) interface and backend, replacing the defunct [jQuery-File-Upload](https://github.com/blueimp/jQuery-File-Upload) with [FilePond](https://pqina.nl/filepond/). This was mainly due to jQuery-File-Upload no longer receiving security fixes and having some known vulnerabilities. see #235 + Use [netbox-initializers](https://github.com/tobiasge/netbox-initializers) plugin, adding the ability to drop YAML files for various NetBox obects to be [preloaded](https://idaholab.github.io/Malcolm/docs/asset-interaction-analysis.html#NetBoxPreload) at startup. see #228 + handle changes to ICSNPP parsers with source_ip/destination_ip fields (#233 and #226) * Bug fixes + Fixed extracting Malcolm version during ISO build + Workaround for wireshark no longer publishing raw manuf (OUI) list (#230) + Remove news feed from default NetBox dashboard (as it would try to reach out to the web for RSS updates) * Component version updates + Rebased Docker and ISO images to Debian 12 (bookworm) + live-build tool for building ISO images to debian/1%20230131 + Arkime to [v4.4.0](https://github.com/arkime/arkime/blob/6f667600596e8a2252555640933f424730c258d5/CHANGELOG#L33-L55) + supercronic to [v0.2.26](https://github.com/aptible/supercronic/releases/tag/v0.2.26) + FileBeat to [v8.9.0](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.9.0.html) + LogStash to [v8.9.0](https://www.elastic.co/guide/en/logstash/8.9/logstash-8-9-0.html) (#234) + NetBox to [v3.5.7](https://github.com/netbox-community/netbox/releases/tag/v3.5.7) + PostgreSQL (used by NetBox) to [v15](https://www.postgresql.org/docs/release/15.0/) + opensearch-py to [v2.3.0](https://github.com/opensearch-project/opensearch-py/releases/tag/v2.3.0) + PHP (as used by Upload interface) to [v8.2](https://www.php.net/ChangeLog-8.php#PHP_8_2) + Fluent Bit to [v2.1.8](https://github.com/fluent/fluent-bit/releases/tag/v2.1.8) + certifi to [v2023.7.22](https://github.com/certifi/python-certifi/releases/tag/2023.07.22) (#229)
mmguero
added a commit
to cisagov/Malcolm
that referenced
this issue
Aug 15, 2023
Malcolm v23.08.0 is a minor release with a few improvements, bug fixes and component updates. v23.07.1...v23.08.0 * Features and enhancements + Rewrote the [Network Traffic Artifact Upload](https://cisagov.github.io/Malcolm/docs/upload.html#Upload) interface and backend, replacing the defunct [jQuery-File-Upload](https://github.com/blueimp/jQuery-File-Upload) with [FilePond](https://pqina.nl/filepond/). This was mainly due to jQuery-File-Upload no longer receiving security fixes and having some known vulnerabilities. see idaholab#235 + Use [netbox-initializers](https://github.com/tobiasge/netbox-initializers) plugin, adding the ability to drop YAML files for various NetBox obects to be [preloaded](https://cisagov.github.io/Malcolm/docs/asset-interaction-analysis.html#NetBoxPreload) at startup. see idaholab#228 + handle changes to ICSNPP parsers with source_ip/destination_ip fields (idaholab#233 and idaholab#226) * Bug fixes + Fixed extracting Malcolm version during ISO build + Workaround for wireshark no longer publishing raw manuf (OUI) list (idaholab#230) + Remove news feed from default NetBox dashboard (as it would try to reach out to the web for RSS updates) * Component version updates + Rebased Docker and ISO images to Debian 12 (bookworm) + live-build tool for building ISO images to debian/1%20230131 + Arkime to [v4.4.0](https://github.com/arkime/arkime/blob/6f667600596e8a2252555640933f424730c258d5/CHANGELOG#L33-L55) + supercronic to [v0.2.26](https://github.com/aptible/supercronic/releases/tag/v0.2.26) + FileBeat to [v8.9.0](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.9.0.html) + LogStash to [v8.9.0](https://www.elastic.co/guide/en/logstash/8.9/logstash-8-9-0.html) (idaholab#234) + NetBox to [v3.5.7](https://github.com/netbox-community/netbox/releases/tag/v3.5.7) + PostgreSQL (used by NetBox) to [v15](https://www.postgresql.org/docs/release/15.0/) + opensearch-py to [v2.3.0](https://github.com/opensearch-project/opensearch-py/releases/tag/v2.3.0) + PHP (as used by Upload interface) to [v8.2](https://www.php.net/ChangeLog-8.php#PHP_8_2) + Fluent Bit to [v2.1.8](https://github.com/fluent/fluent-bit/releases/tag/v2.1.8) + certifi to [v2023.7.22](https://github.com/certifi/python-certifi/releases/tag/2023.07.22) (idaholab#229)
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this issue
Jan 17, 2024
Update control.py
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The following changes have been made to ICSNPP log files. Most of these changes involve adding "true" source and destination fields as described at https://github.com/cisagov/icsnpp-modbus#source-and-destination-fields, but there are additional minor updates as well.
icsnpp-bacnet
icsnpp-bsap
icsnpp-enip
icsnpp-s7comm
icsnpp-modbus
icsnpp-dnp3
The text was updated successfully, but these errors were encountered: