From c741fe6b4db955e9aefadd212d57fe036bbdaaf0 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Tue, 6 Dec 2022 16:23:26 +0000
Subject: [PATCH] Ensure ICS/SCADA plugins/scripts are enabled

---
 salt/zeek/defaults.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/salt/zeek/defaults.yaml b/salt/zeek/defaults.yaml
index 681f29df0..ec3eef3a2 100644
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -54,6 +54,19 @@ zeek:
         - securityonion/bpfconf
         - securityonion/communityid
         - securityonion/file-extraction
+        - oui-logging
+        - icsnpp-modbus
+        - icsnpp-dnp3
+        - icsnpp-bacnet
+        - icsnpp-ethercat
+        - icsnpp-enip
+        - icsnpp-opcua-binary
+        - icsnpp-bsap
+        - icsnpp-s7comm
+        - zeek-plugin-tds
+        - zeek-plugin-profinet
+        - zeek-spicy-wireguard
+        - zeek-spicy-stun
       '@load-sigs':
         - frameworks/signatures/detect-windows-shells
       redef: