Merge pull request #8973 from lock-wire/patch-3

Add Modbus, DNP3, BZAR, and oui-logging

pillar/zeek/init.sls

@@ -48,6 +48,11 @@ zeek:
       - securityonion/bpfconf
       - securityonion/communityid
       - securityonion/file-extraction
+      - oui-logging
+      - bzar
+      - icsnpp-dnp3
+      - icsnpp-modbus
+      - 
     '@load-sigs':
       - frameworks/signatures/detect-windows-shells
     redef:

setup/so-functions

@@ -3013,6 +3013,10 @@ zeek_logs_enabled() {
 			"    - weird"\
 			"    - mysql"\
 			"    - socks"\
-			"    - x509" >> "$zeeklogs_pillar"
+			"    - x509" \
+			"    - dnp3_objects" \
+			"    - modbus_detailed" \
+			"    - modbus_mask_write_single_register" \
+			"    - modbus_read_write_multiple_registers" >> "$zeeklogs_pillar"
 	fi
 }