Material created for a bachelor's thesis on the performance analysis and expressiveness of Intrusion Detection System rules generated in the Lua language for industrial scenarios.
- Open the `project` folder.
- Enter the `Infrastructure` folder and run `vagrant up`. Then start the client and server with `vagrant ssh client` and `vagrant ssh server`.
- In `server`, install Python and pyModbus.
- In `client`, install Python, Suricata and pyModbus.
  - Place `suricata.yaml` into `/etc/suricata/`
  - Place `modbus_detect.rules` into `/etc/suricata/rules/`
  - Place `prova1.lua` into `/etc/suricata/rules/`
  - Place `ceftest.lua` and `script1.lua` into `/etc/suricata/lua-outputs`
  - Place
- Put into the `Infrastructure` folder:
  - `client_async.py`
  - `client_payloads.py`
  - `helper.py`
  - `server_async.py`
  - `server_payloads.py`
- Run the server with `python3 server_payloads.py -c tcp -p 502`
- Run the client with `python3 client_payloads.py -c tcp -p 502 --host 192.168.1.61`
- Check the two newly created log files, `ceftest.cef` and `luatest.log`, for alerts.
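
For the last step, a small triage helper for `ceftest.cef` can save reading the file by eye. This is an added example, not part of the thesis material: it assumes `ceftest.lua` writes the standard CEF header (`CEF:Version|Vendor|Product|Version|Signature ID|Name|Severity|Extension`), and the sample lines, signature IDs and client address are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (vendor, IDs, client IP are made up); real ceftest.lua output may differ.
SAMPLE_CEF = r"""
CEF:0|OISF|Suricata|6.0|2210001|Modbus write single coil|7|src=192.168.1.60 spt=40112 dst=192.168.1.61 dpt=502 msg=unit\=1 coil on
CEF:0|OISF|Suricata|6.0|2210002|Modbus func \| exception|3|src=192.168.1.60 dst=192.168.1.61 dpt=502
not a cef line
CEF:0|OISF|Suricata|6.0|2210001|Modbus write single coil|7|src=192.168.1.60 spt=40113 dst=192.168.1.61 dpt=502
"""

HEADER_KEYS = ("version", "vendor", "product", "device_version", "sig_id", "name", "severity")
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key= at start or after whitespace; "\=" never matches

def split_header(line):
    """Split off the 7 pipe-delimited header fields, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < len(HEADER_KEYS):
        if line[i] == "\\" and line[i + 1:i + 2] in ("|", "\\"):
            i += 1  # escaped pipe or backslash: keep the next char literally
            cur.append(line[i])
        elif line[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    return fields, line[i:]  # remainder is the extension

def parse_cef(line):
    """Return a dict for one CEF line, or None if the line is not well-formed CEF."""
    fields, ext = split_header(line)
    if len(fields) != len(HEADER_KEYS) or not fields[0].startswith("CEF:"):
        return None
    event = dict(zip(HEADER_KEYS, fields), ext={})
    marks = list(EXT_KEY.finditer(ext))
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(ext)  # value runs up to the next key
        event["ext"][m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return event

def summarize(text, min_severity=5):
    """Count events per (sig_id, name, dst, dpt) with numeric severity >= min_severity."""
    hits = Counter()
    for line in text.splitlines():
        ev = parse_cef(line.strip())
        if ev and ev["severity"].isdigit() and int(ev["severity"]) >= min_severity:
            hits[(ev["sig_id"], ev["name"], ev["ext"].get("dst"), ev["ext"].get("dpt"))] += 1
    return hits
```

To use it on the real log, pass the file contents to `summarize`, for example `summarize(open("ceftest.cef").read())`, and adjust the extension keys if the output script uses different ones.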