Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

integrate HART IP parser #561

Closed
mmguero opened this issue Sep 11, 2024 · 4 comments
Closed

integrate HART IP parser #561

mmguero opened this issue Sep 11, 2024 · 4 comments
Assignees
@mmguero
Labels
enhancement New feature or request ics Relating to ICS (Industrial Control Systems) devices zeek Relating to Malcolm's use of Zeek
Milestone
v24.09.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Sep 11, 2024

icsnpp-hart-ip
@mmguero mmguero added enhancement New feature or request ics Relating to ICS (Industrial Control Systems) devices zeek Relating to Malcolm's use of Zeek labels Sep 11, 2024
@mmguero mmguero added this to the v24.09.0 milestone Sep 11, 2024
@mmguero mmguero self-assigned this Sep 11, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 16, 2024
@mmguero
fixes to remove redundant targetplatform from docker images; also sta…
d619840 
…rting to integrate hartip parsers idaholab#561
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 16, 2024
@mmguero
work in progress for hart ip integration, idaholab#561
e9c88d9
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 17, 2024
@mmguero
Fixes for template for hartip (see idaholab#561)
6c69a92
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 17, 2024
@mmguero
work in progress hartip (see idaholab#561)
969c8b1
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 17, 2024
@mmguero
work in progress hartip (see idaholab#561)
57bdb84
@mmguero
Copy link
Collaborator Author

mmguero commented Sep 17, 2024
edited
Loading

Some the date fields I need to parse, with sample values:

[
  {
    "zeek.hart_ip_universal_commands.read_tag_response_date_code": {
      "buckets": [
        {
          "doc_count": 3202,
          "key": "-"
        },
        {
          "doc_count": 2,
          "key": "0-0-1900"
        },
        {
          "doc_count": 1,
          "key": "8-123-1910"
        }
      ],
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0
    },
    "zeek.hart_ip_universal_commands.write_tag_descriptor_date_date_code": {
      "buckets": [
        {
          "doc_count": 3202,
          "key": "-"
        },
        {
          "doc_count": 3,
          "key": "8-123-1910"
        }
      ],
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0
    },
    "zeek.hart_ip.read_audit_log_power_up_time": {
      "buckets": [
        {
          "doc_count": 3202,
          "key": 0
        },
        {
          "doc_count": 1,
          "key": 7267420687585448092
        },
        {
          "doc_count": 1,
          "key": 7268606961847846789
        },
        {
          "doc_count": 1,
          "key": 7273480766182430776
        }
      ],
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0
    },
    "zeek.hart_ip_session_record.session_log_record_connect_time": {
      "buckets": [
        {
          "doc_count": 3184,
          "key": 0
        },
        {
          "doc_count": 1,
          "key": 7268607219545884609
        },
        {
          "doc_count": 1,
          "key": 7268612639794613423
        },
        {
          "doc_count": 1,
          "key": 7268613253974936894
        },
        {
          "doc_count": 1,
          "key": 7268616273336946685
        },
        {
          "doc_count": 1,
          "key": 7268616509560148020
        },
        {
          "doc_count": 1,
          "key": 7268616866042433671
        },
        {
          "doc_count": 1,
          "key": 7268633607824957377
        },
        {
          "doc_count": 1,
          "key": 7268920292597064830
        },
        {
          "doc_count": 1,
          "key": 7268921155885491527
        },
        {
          "doc_count": 1,
          "key": 7268925085780568282
        },
        {
          "doc_count": 1,
          "key": 7268925906119322009
        },
        {
          "doc_count": 1,
          "key": 7268928045013035915
        },
        {
          "doc_count": 1,
          "key": 7268928118027479964
        },
        {
          "doc_count": 1,
          "key": 7268930716482694649
        },
        {
          "doc_count": 1,
          "key": 7268930892576353826
        },
        {
          "doc_count": 1,
          "key": 7268931416562364060
        },
        {
          "doc_count": 1,
          "key": 7268931700030205662
        },
        {
          "doc_count": 1,
          "key": 7273480937981122656
        },
        {
          "doc_count": 1,
          "key": 7273482686032812535
        },
        {
          "doc_count": 1,
          "key": 7273483003860392512
        },
        {
          "doc_count": 1,
          "key": 7273483983112936229
        }
      ],
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0
    },
  "zeek.hart_ip.read_audit_log_last_security_change": {
    "buckets": [
      {
        "doc_count": 3202,
        "key": 0
      },
      {
        "doc_count": 1,
        "key": 1433833537351127300
      },
      {
        "doc_count": 1,
        "key": 1433833537351403500
      },
      {
        "doc_count": 1,
        "key": 1433833537352538000
      }
    ],
    "doc_count_error_upper_bound": 0,
    "sum_other_doc_count": 0
  },
    "zeek.hart_ip_session_record.session_log_record_disconnect_time": {
      "buckets": [
        {
          "doc_count": 3184,
          "key": 0
        },
        {
          "doc_count": 1,
          "key": 1692427390
        },
        {
          "doc_count": 1,
          "key": 1692427591
        },
        {
          "doc_count": 1,
          "key": 1692428506
        },
        {
          "doc_count": 1,
          "key": 1692428697
        },
        {
          "doc_count": 1,
          "key": 1692429195
        },
        {
          "doc_count": 1,
          "key": 1692429212
        },
        {
          "doc_count": 1,
          "key": 1692429817
        },
        {
          "doc_count": 1,
          "key": 1692429858
        },
        {
          "doc_count": 1,
          "key": 1692429980
        },
        {
          "doc_count": 1,
          "key": 1692430046
        },
        {
          "doc_count": 1,
          "key": 5987321793
        },
        {
          "doc_count": 1,
          "key": 5987323055
        },
        {
          "doc_count": 1,
          "key": 5987323198
        },
        {
          "doc_count": 1,
          "key": 5987323901
        },
        {
          "doc_count": 1,
          "key": 5987323956
        },
        {
          "doc_count": 1,
          "key": 5987324039
        },
        {
          "doc_count": 1,
          "key": 5987327937
        },
        {
          "doc_count": 1,
          "key": 10283424549
        },
        {
          "doc_count": 1,
          "key": 117657606721
        },
        {
          "doc_count": 1,
          "key": 173492181088
        },
        {
          "doc_count": 1,
          "key": 173492181495
        }
      ],
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0
    },
    "zeek.hart_ip_universal_commands.read_device_variable_response_slot0_time": {
      "buckets": [
        {
          "doc_count": 3202,
          "key": 0
        },
        {
          "doc_count": 1,
          "key": 913132517
        },
        {
          "doc_count": 1,
          "key": 1761568000
        },
        {
          "doc_count": 1,
          "key": 1762752000
        }
      ],
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0
    }
  }
]

I need to figure out what the formats for these actually are.

Also, this one:

  • zeek.hart_ip_session_record.session_log_record_connect_time with a value of 18446744071106662589 or 18446744071108074455 failed to index because it's too big for a long.

@mmguero
Copy link
Collaborator Author

mmguero commented Sep 17, 2024

@piercema do you know where I can go to figure out what these numbers mean?

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 18, 2024
@mmguero
work in progress hartip (see idaholab#561)
4f527ad
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 18, 2024
@mmguero
work in progress for hart ip integration, idaholab#561
b7594d9
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Sep 18, 2024
@mmguero
initial dashboard for hart ip integration, idaholab#561
51f7587
@mmguero
Copy link
Collaborator Author

mmguero commented Sep 18, 2024

Turns out those values are mostly bad input data, so ignore my previous two comments I guess.

@mmguero
Copy link
Collaborator Author

mmguero commented Sep 18, 2024

HART-IP dashboard

Image

@mmguero mmguero closed this as completed Sep 18, 2024
This was referenced Sep 18, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request ics Relating to ICS (Industrial Control Systems) devices zeek Relating to Malcolm's use of Zeek
Projects
Malcolm
Status: Released
Milestone
v24.09.0
Development

No branches or pull requests
1 participant
@mmguero