cisagov / ICSNPP

Industrial Control Systems Network Protocol Parsers
BSD 3-Clause "New" or "Revised" License

provide flag for controlling log verbosity #14

Closed mmguero closed 5 months ago

mmguero commented 10 months ago

💡 Summary

Some of the ICSNPP parsers can be very verbose (e.g., as far as individual values for writes/reads/operations vs. higher-level operations). It would be convenient to provide a flag to be able to control the verbosity of these logs per-protocol. In other words, a boolean where if set to "true" the verbosity is higher (i.e., more of the .log files are generated) vs. "false" where only summary logs are generated (not the details).

Motivation and context

This idea came from the discussion we had with corelight.

Implementation notes

An example of this could be the synchrophasor parser. See main.zeek.

kkvarfordt commented 5 months ago

Implemented and merged log policies to support Zeek log filtering.
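The mechanism described in this thread, a per-protocol boolean that decides whether the detailed per-value records are written or only the summary records, can be built on Zeek's log policy hooks (the feature the closing comment refers to). The script below is an added illustration, not ICSNPP's own code or its actual option names: the module `EXAMPLE_ICS`, the streams `SUMMARY_LOG` and `DETAIL_LOG`, the option `log_detail` and the `log_operation` helper are all hypothetical placeholders, and it assumes a Zeek release that supports `$policy` hooks on log streams (4.0 or later).

```zeek
# Added example (not ICSNPP code): a per-protocol verbosity switch implemented
# with a Zeek log policy hook. All names below are hypothetical placeholders.
module EXAMPLE_ICS;

export {
    # The verbosity flag from the feature request: T writes the detailed
    # per-value records, F keeps only the summary records.
    option log_detail: bool = F;

    redef enum Log::ID += { SUMMARY_LOG, DETAIL_LOG };

    # One record per higher-level operation (always written).
    type SummaryInfo: record {
        ts:        time   &log;
        uid:       string &log;
        operation: string &log;
    };

    # One record per individual value inside an operation (verbose only).
    type DetailInfo: record {
        ts:         time   &log;
        uid:        string &log;
        operation:  string &log;
        field_name: string &log;
        value:      string &log;
    };

    # Policy hook consulted for every record destined for DETAIL_LOG.
    global detail_policy: Log::PolicyHook;

    # Constructed helper a parser would call once per decoded operation.
    global log_operation: function(c: connection, op: string,
                                   fields: table[string] of string);
}

# Veto every detail record while verbose logging is switched off; the
# summary stream is unaffected because it has no such hook attached.
hook detail_policy(rec: DetailInfo, id: Log::ID, filter: Log::Filter)
{
    if ( ! log_detail )
        break;
}

event zeek_init() &priority=5
{
    Log::create_stream(SUMMARY_LOG, [$columns=SummaryInfo,
                                     $path="example_ics_summary"]);
    Log::create_stream(DETAIL_LOG,  [$columns=DetailInfo,
                                     $path="example_ics_detail",
                                     $policy=detail_policy]);
}

# Write one summary record and, for each field of the operation, one detail
# record; the policy hook decides whether the detail records reach disk.
function log_operation(c: connection, op: string,
                       fields: table[string] of string)
{
    Log::write(SUMMARY_LOG, [$ts=network_time(), $uid=c$uid, $operation=op]);

    for ( name in fields )
        Log::write(DETAIL_LOG, [$ts=network_time(), $uid=c$uid,
                                $operation=op, $field_name=name,
                                $value=fields[name]]);
}
```

With this layout the summary log is produced unconditionally, and an operator enables the verbose stream for one protocol by adding `redef EXAMPLE_ICS::log_detail = T;` to `local.zeek` (or by changing it at runtime through the config framework, since it is declared as an `option`). Because the filtering happens in the policy hook rather than in the parser, the detail stream can still be disabled or filtered further per deployment without touching the protocol analyzer itself.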