bro and DNP3 decoder
I’m trying to use bro for decoding DNP3 traffic and following the logic through its parser to the various dnp3_xxx events. (The documentation on how to use the DNP3 events is a bit light but I think I understand what’s happening.) When I try to follow the request objects logic (e.g. as you might get from a DNP3 write command), I can’t see how they’re getting output to the bro script layer at all. Most of them seem to simply dead-end in the parser with no event generated.

I spent a little while looking through the bro branches and came across a branch called topics/hui/dnp3-events that seems to have support for a bunch of additional objects. It was last worked on in February 2014 but I can’t find any hint of it in the master branch.

Just wondering if anyone can clarify. Am I misunderstanding how it works? Or did the code in dnp3-events branch get lost? Or was it never merged? Or never completed?

Addressing this to Hui Lin but also including bro-dev in case someone else knows the history.