Zeek - ENIP

Industrial Ethernet/IP DPI/IDS module for ZEEK, for OT/ICS ENIP event analysis.

Targetting ZEEK v3.X.X

Written in BINPAC, a ZEEK specific DSL..

See events.bif for exported handlers, all standard ENIP/IP events are decoded and made available to subscription.

See scripts/main.zeek for an example zeek/scripts consumer for all events.

See Dockerfile for the three stage compilation/zeek module linking process.

License

MIT and/or MIT compatible

Licensing tracked via SPDX, see file level tags for specific attribution

Name		Name	Last commit message	Last commit date
Latest commit History 54 Commits
.github/workflows		.github/workflows
.reuse		.reuse
LICENSES		LICENSES
scripts		scripts
test-files		test-files
.gitignore		.gitignore
CMakeLists.txt		CMakeLists.txt
Dockerfile		Dockerfile
ENIPLG.cc		ENIPLG.cc
ENIPLG.h		ENIPLG.h
Makefile		Makefile
Plugin.cc		Plugin.cc
README.md		README.md
compose.yml		compose.yml
eniplg-analyzer.pac		eniplg-analyzer.pac
eniplg-protocol.pac		eniplg-protocol.pac
eniplg.pac		eniplg.pac
eniplg.pac.license		eniplg.pac.license
events.bif		events.bif
events.bif.license		events.bif.license