Kleinspider
commented
1 year ago The logic for passing files from BACnet atomic-write-file and atomic-read-file into the Zeek file analysis framework has been added in the most recent commit/version. Currently it is only implemented for "stream" file transfers, not "record" file transfers. Thanks for sharing this idea!
keithjjones
💡 Summary
I looks like BACnet can be used to transfer files: https://store.chipkin.com/articles/bacnet-the-file-object It would be great to add any transferred file content to Zeek's file analysis framework so we could dig into the data further. I didn't see that logic in the current code. Thanks!