Developed as a community asset
Note: if you find ICS-relevant file extensions that are not listed in the above list, please submit a pull request to contribute them to the TSVs in this project.
- Common File Extensions for Configurations/Projects - common extensions
- Other Files of Interest - some other interesting specific files
- File-extension seeker - aggregate search engine to find info about file extensions.
- Data Types - another file extension search engine
- ICS File Extension Search - PowerShell script to search a system for common ICS file extensions. Sources this list from here.
- SCADA Strangelove's SCADAPASS
- Arnaud Soullie's ICS Default Passwords
- TrackerNode Research
- CRITIFENCE Default Password Database
- Quickdraw Snort - mirror: v4.3.1 - The Quickdraw IDS signature download includes the Modbus TCP, DNP3, EtherNet/IP, and ICS Vulnerability signatures. Each category is in its own rules file, and Digital Bond recommends only adding the signatures appropriate for your control system. See the pcap quickdraw section for test pcaps.
- Quickdraw Suricata Signatures for EtherNet/IP - A set of EtherNet/IP IDS rules for use with Suricata.
- RAPSN SETS - RAPSN SETS (Recognizing Anomalies in Protocols of Safety Networks: Schneider Electric's TriStation) is a set of rules for the Intrusion Detection System (IDS) Snort. They have been developed for Schneider Electric's proprietary TriStation protocol and are published under Mozilla Public License Version 2.0.
- Cisco Talos Snort IDS Rules - These are a handful of community rules that correspond to the SCADA Strangelove default credentials. More community rules are available here.
- ARMORE - ARMORE was developed to be an open-source software solution that will aid asset owners by increasing visibility, securing communications, and inspecting ICS communications for behavior that is not intended. Built around Bro and Linux.
- EDMAND - EDMAND Anomaly detection framework. Built around Bro.
- AIUS - AIUS Repository (EDMAND/CAPTAR combination). Built around Bro.
- ML NIDS For ICS - Machine learning techniques for Intrusion Detection in SCADA Systems.
- Security Technical Implementation Guides (STIG) - The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role in enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.
(creative commons license)