cisagov / icsnpp-bacnet

Zeek BACnet Parser - CISA ICSNPP
BSD 3-Clause "New" or "Revised" License

deviceCommunicationControl Event Differentiation #26

Closed jcyprus closed 1 year ago

jcyprus commented 1 year ago

Feature Request

Give the parser the ability to differentiate between enabling or disabling communication during a deviceCommunicationControl event.

Feature Context

In BACnet, devices can have their communication enabled or disabled via a deviceCommunicationControl event. In the event of a communication disable, the device will only respond to 1) another deviceCommunicationControl message or 2) a reinitializeDevice message. A communication enable event brings the device back to a state of full communication.

Feature Value Add

Because of how important network communication and availability are to network-connected controllers, users should be able to see if their devices can or cannot be communicated with. Users should also always know if the availability of a given device changes. This suggested change to the parser will enable users to have that sort of device knowledge.
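The distinction requested above, decoded in Python as an added example; it is not part of the original issue and is not the icsnpp-bacnet parser's code. It assumes the input is the bare APDU with the BVLC and NPDU headers already removed, and the function names, field names and sample bytes are constructed for illustration.

```python
# Added example: decode a BACnet DeviceCommunicationControl-Request APDU.
# Assumes BVLC and NPDU headers are already stripped (assumption of this sketch).
SERVICE_DCC = 17  # confirmed service choice: deviceCommunicationControl
STATES = {0: "enable", 1: "disable", 2: "disable-initiation"}


def read_context_tag(buf, pos):
    """Return (tag_number, value_bytes, next_pos) for one context-tagged primitive."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    octet, pos = buf[pos], pos + 1
    tag, is_context, lvt = octet >> 4, octet & 0x08, octet & 0x07
    if not is_context or tag == 0x0F or lvt > 5:
        raise ValueError("unsupported tag octet 0x%02x" % octet)
    if lvt == 5:  # extended length: real length is in the next octet
        if pos >= len(buf) or buf[pos] >= 254:
            raise ValueError("unsupported extended length")
        lvt = buf[pos]
        pos += 1
    if pos + lvt > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + lvt], pos + lvt


def parse_dcc(apdu):
    """Return the decoded request as a dict, or None for any other PDU."""
    if len(apdu) < 4 or apdu[0] >> 4 != 0:  # PDU type 0 = Confirmed-Request
        return None
    pos = 5 if apdu[0] & 0x08 else 3  # segmented PDUs carry 2 extra octets
    if len(apdu) <= pos or apdu[pos] != SERVICE_DCC:
        return None
    pos += 1
    out = {"duration_min": None, "state": None, "has_password": False}
    while pos < len(apdu):
        tag, val, pos = read_context_tag(apdu, pos)
        if tag == 0:  # timeDuration, optional, minutes
            out["duration_min"] = int.from_bytes(val, "big")
        elif tag == 1:  # enable-disable, mandatory
            n = int.from_bytes(val, "big")
            out["state"] = STATES.get(n, "unknown(%d)" % n)
        elif tag == 2:  # password, optional; record presence only
            out["has_password"] = True
    if out["state"] is None:
        raise ValueError("mandatory enable-disable field missing")
    return out


# Constructed sample: invoke ID 1, disable for 5 minutes, no password.
DISABLE_5_MIN = bytes.fromhex("0004011109051901")
```

A monitoring rule built on this would alert on `state` values other than `enable`, and treat a missing `duration_min` on a disable as indefinite.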

Kleinspider commented 1 year ago

Version 1.4 contains additional parsing of reinitializeDevice and deviceCommunicationControl messages.

These events are now logged to bacnet_device_control.log.

Please let us know if you have any thoughts on the implementation or additional fields or messages to add to this log!