Idea: Wire BACnet's file support to Zeek's file analysis framework
keithjjones opened this issue · 2 comments
keithjjones commented
💡 Summary
It looks like BACnet can be used to transfer files: https://store.chipkin.com/articles/bacnet-the-file-object It would be great to add any transferred file content to Zeek's file analysis framework so we could dig into the data further. I didn't see that logic in the current code. Thanks!
Kleinspider commented
The logic for passing files from BACnet atomic-write-file and atomic-read-file into the Zeek file analysis framework has been added in the most recent commit/version. Currently it is only implemented for "stream" file transfers, not "record" file transfers. Thanks for sharing this idea!
keithjjones commented
@Kleinspider thanks!