I was trying to understand the existing binpac framework (as the DNP3 protocol parser is binpac only). I can see zeek_dnp3.events.bif.zeek has many events supported which can be called from a Zeek script, and we can fetch parameters and log accordingly. However, dnp3_objects.pac has a deadband g34 analog input block inside Response_Data_Object(), but I am not able to understand how to get this value in a Zeek script and log it. Similarly, there are many fields which I think are parsed properly in this framework but have no events available to use them in Zeek scripts. How do I write and integrate new events which will help to access these values in a Zeek script?
Secondly, there are many fields which are not available even in the DNP3 parser, such as fragment count or fragment size, device id, device name, device location, operation type (PULSE_ON, LATCH_OFF), trip close code etc. How can I add support for these inside the existing framework? Is there any reference available?