|
Field name |
Description |
Example value |
||
|---|---|---|---|---|
|
timestamp |
Time when the event was received. Format: yyyy-mm-ddThh:mm:ssZ. |
2022-05-12T08:11:46.15869Z |
||
|
pdu_severity |
SCADA severity. |
1 |
||
|
pdu_func |
Function code (instructs the slave what data the master requires from it or what action to perform). |
12 |
||
|
pdu_address |
Registry address with which the operation should be performed. |
3154 |
||
|
node |
The unique name of the device that generated the event. |
utmcore@ersthetatica |
||
|
details |
pdu_varname |
Variable name. Parameter is mainly used for real-time data exchange. Refers to the MMS protocol. |
VAR |
|
|
pdu_device |
Address of the device used in the MMS and OPCUA protocols. |
DEV |
||
|
mb_write_quantity |
Number of values to write (Read Write Register command). |
998 |
||
|
mb_write_addr |
Start register address to write (Read Write Register command). |
776 |
||
|
mb_value |
Value to write (for Write Single Coil, Write Single Register commands). |
322 |
||
|
mb_unit_id |
Device address. |
186 |
||
|
mb_read_quantity |
Number of values to read (Read Write Register command). |
658 |
||
|
mb_read_addr |
Start registry address to read (Read Write Register command). |
122 |
||
|
mb_quantity |
Number of values to read. |
875 |
||
|
mb_payload |
Register values (for Read Coil, Read Holding Registers, Read Input Registers, Read/Write Multiple registers, Write Multiple Coil commands). |
75be5ecdc24f9883 |
||
|
mb_or_mask |
OR mask value of the Mask Write Register command. |
1024 |
||
|
mb_message |
Modbus message. |
exception |
||
|
mb_exception_code |
Error code. For the error_response message type. |
255 |
||
|
mb_and_mask |
AND mask value of the Mask Write Register command. |
121 |
||
|
mb_addr |
Registry address. |
3154 |
||
|
iec104_msgtype |
Type of the query. |
request, response, error_response |
||
|
iec104_ioa |
Address of information object, which allows the receiving party to unambiguously identify the type of event. |
23 |
||
|
iec104_cot |
Reason for transmitting an Application Protocol Data Unit (APDU). |
6 |
||
|
iec104_asdu |
The ASDU address (COA, or Common Object Address). Refers to the IEC-104 protocol. |
123 |
||
|
app_protocol |
Application layer protocol |
Modbus |
||
|
action |
Action taken by the device according to the configured policies. |
pass |
||
|
source |
zone |
guid |
Unique ID of the traffic source zone. |
d0038912-0d8a-4583-a525-e63950b1da47 |
|
name |
Traffic source zone name. |
Trusted |
||
|
country |
Source country name. |
AE (a two-letter country code is displayed) |
||
|
ip |
IPv4 address of the traffic source. |
10.10.10.10 |
||
|
port |
Source port |
Values: 0-65535. |
||
|
destination |
zone |
guid |
Unique ID of the traffic destination zone. |
3c0b1253-f069-4060-903b-5fec4f465db0 |
|
name |
Traffic destination zone name. |
Untrusted |
||
|
country |
Destination country name. |
AE (a two-letter country code is displayed) |
||
|
ip |
IPv4 address of the traffic destination. |
104.19.197.151 |
||
|
port |
Destination port |
Values: 0-65535. |
||
|
rule |
guid |
Unique ID of the rule triggered to cause the event. |
59e38e06-533a-4771-9664-031c3e8b2e1f |
|
|
name |
Name of the rule triggered to cause the event. |
SCADA Sample Rule |
||