Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enrich network traffic metadata with "device type" #123

Closed
Qiaoran-M opened this issue Nov 8, 2022 · 2 comments
Closed

enrich network traffic metadata with "device type" #123

Qiaoran-M opened this issue Nov 8, 2022 · 2 comments
Assignees
@mmguero
Labels
enhancement New feature or request

Comments

@Qiaoran-M
Copy link

Qiaoran-M commented Nov 8, 2022
edited
Loading

Hi, I am a new Malcolm user and I have a question about the log enrichment. For the source and destination of logs, is Malcolm able to find out the device type (i.e. PLC, PC, workstation, etc)? I uploaded a pcap file to Malcolm earlier but didn't find much log information about the device type.

Thanks for your help!
@mmguero
Copy link
Collaborator

mmguero commented Nov 8, 2022

You're correct, right now Malcolm doesn't have much in the way of determining the type of host detected in network traffic. There are a few ways you could infer that information, sometimes, but it depends on the type of traffic and type of device whether or not it will be very successful:

  • you can look at the device manufacturer (the OUI fields), for example in the Connections dashboard
  • you can check out the Software dashboard to look for names and versions of software that might indicate the type of device to you
  • for ICS devices, you can check out the ICS Best Guess dashboard which may provide some guesses

Improved asset identification/discovery/management is on Malcolm's future roadmap and will be worked on over the next several months. Thanks for the request.

@mmguero mmguero self-assigned this Nov 8, 2022
@mmguero mmguero added the enhancement New feature or request label Nov 8, 2022
@mmguero mmguero added this to Malcolm Nov 8, 2022
@mmguero mmguero changed the title Find device type in log enrichment enrich network traffic metadata with "device type" Nov 8, 2022
@mmguero mmguero moved this to Todo (spike) in Malcolm Nov 8, 2022
@mmguero
Copy link
Collaborator

mmguero commented Nov 8, 2022

See also #17

Repository owner moved this from Todo (spike) to Done in Malcolm Nov 10, 2022
@mmguero mmguero moved this from Done to Someday in Malcolm Nov 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request
Projects
Malcolm
Status: Someday
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mmguero @Qiaoran-M