{"id":15683,"date":"2016-03-07T10:00:41","date_gmt":"2016-03-07T09:00:41","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15683"},"modified":"2021-07-07T16:16:51","modified_gmt":"2021-07-07T15:16:51","slug":"test-de-grassmarlin-outil-open-source","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2016\/03\/test-de-grassmarlin-outil-open-source\/","title":{"rendered":"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems"},"content":{"rendered":"<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<figure id=\"post-15684 media-15684\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15684 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png\" alt=\"\" width=\"640\" height=\"332\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1-368x191.png 368w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1-71x37.png 71w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<\/div>\n<p><i>The first step in a project to secure an industrial information system (IS) is very often to create, or consolidate, an inventory of all its components. Indeed, the existing inventory and documentation may prove insufficient or unreliable.<\/i><br \/>\n<i>GRASSMARLIN addresses this need by providing a passive network-mapping solution suited to the industrial sector.<\/i><\/p>\n<p>&nbsp;<\/p>\n<h1>Introducing GRASSMARLIN<\/h1>\n<p>GRASSMARLIN is a tool for passively mapping an industrial network. 
Originally developed by the United States National Security Agency (NSA), the tool is now open source and available directly on GitHub (<a href=\"https:\/\/github.com\/iadgov\/GRASSMARLIN\">https:\/\/github.com\/iadgov\/GRASSMARLIN<\/a>).<br \/>\nGRASSMARLIN produces an image, or \u201csnapshot\u201d, of the industrial information system (IS), including in particular:<\/p>\n<ul>\n<li>The devices present<\/li>\n<li>The existing communications between devices<\/li>\n<li>Meta-information derived from the communications (location, vendors)<\/li>\n<\/ul>\n<p>The tool is available for Windows (version 7+, 64-bit only) and some Linux distributions (Fedora, Ubuntu), and can be downloaded from the following link: <a href=\"https:\/\/github.com\/iadgov\/GRASSMARLIN\/releases\/latest\">https:\/\/github.com\/iadgov\/GRASSMARLIN\/releases\/latest<\/a>.<\/p>\n<p>Because a loss of availability of a device in the industrial IS can have serious consequences (production stoppage, loss of visibility for operators, \u2026), the mapping is entirely passive. 
Communications are recorded and then analysed, unlike an active scan with nmap or plcscan, which actively send packets to every IP address and analyse any responses.<\/p>\n<h1>How Grassmarlin works<\/h1>\n<p>GRASSMARLIN produces two types of topology of the industrial network:<\/p>\n<ul>\n<li>The \u201cLogical View\u201d: provides a list of the devices present and of the existing communications; referred to below as the logical view.<\/li>\n<li>The \u201cPhysical View\u201d: shows the physical links between devices, giving for example the number of the router port to which a PLC is connected; referred to below as the physical view.<\/li>\n<\/ul>\n<h2>Passive detection<\/h2>\n<p>Because the network discovery method is passive, GRASSMARLIN generates no traffic on the network. To produce the logical view, it simply listens to communications on the network, like a conventional frame analyser. 
In other words, GRASSMARLIN can only analyse the communications that it is able to capture on its host machine.<\/p>\n<figure id=\"post-15686 media-15686\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15686 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I2-1.png\" alt=\"\" width=\"640\" height=\"450\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I2-1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I2-1-272x191.png 272w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I2-1-55x39.png 55w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div style=\"text-align: center;\"><i><u>Figure 1: GRASSMARLIN's visibility<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>A network topology can also be built from network captures (PCAP files) generated at later times at other points of the network.<br \/>\nLikewise, to generate the physical view GRASSMARLIN uses Cisco router logs and therefore remains entirely passive.<\/p>\n<h3>Logical view<\/h3>\n<p>In this view, the network topology is presented as follows:<\/p>\n<figure id=\"post-15688 media-15688\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15688 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I3-2.png\" alt=\"\" width=\"400\" height=\"336\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I3-2.png 400w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I3-2-227x191.png 227w, 
https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I3-2-46x39.png 46w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 2: Logical view with 2 Siemens PLCs<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><i><u>\u00a0<\/u><\/i><\/div>\n<div style=\"text-align: left;\">This topology was generated from a network capture of two industrial devices using the S7comm industrial communication protocol. The PCAP files can be found at this address: <a href=\"https:\/\/wiki.wireshark.org\/S7comm\">https:\/\/wiki.wireshark.org\/S7comm<\/a><\/div>\n<p>The main map on the right shows the devices present, identified by their IP address, as well as the existing communications between devices and the IP subnets.<br \/>\nGRASSMARLIN also uses signatures to recognise industrial protocols and devices:<\/p>\n<figure id=\"post-15690 media-15690\" class=\"align-none\"><\/figure>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15692 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I5-1.png\" alt=\"\" width=\"640\" height=\"209\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I5-1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I5-1-437x143.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I5-1-71x23.png 71w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<div style=\"text-align: center;\"><i><u>Figure 3: Logical view and details provided by GRASSMARLIN<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>In this case, the protocol 
in use is correctly recognised as S7comm. The role of each device in the communications is also reported: the master issues the instructions while the slave executes the commands. The Vendor Name (the manufacturer's name) is given, which helps managers of industrial equipment fleets find their bearings more easily. Finally, where the IP addresses are public (which is not the case here), the device's country of origin is reported.<br \/>\nThis information is produced by matching the network captures against the signatures known to GRASSMARLIN; the Confidence attribute, graded from 1 (not confident) to 5 (confident), indicates how reliable the reported information is.<br \/>\nGRASSMARLIN also provides a textual view of the map as a connection tree (on the left in Figure 2) listing the devices by subnet.<br \/>\nIt is also possible to isolate the communications of one particular device and obtain initial analysis elements such as the size of the packets exchanged, the time of the exchange, and the origin of the packet (if several PCAP files are used):<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15694 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I6-1.png\" alt=\"\" width=\"320\" height=\"198\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I6-1.png 320w, 
https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I6-1-309x191.png 309w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I6-1-63x39.png 63w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/div>\n<div style=\"text-align: center;\"><i><u>Figure 4: Communication analysis window for a PLC<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<h3>Protocol signatures<\/h3>\n<p>GRASSMARLIN ships with signatures used to recognise the protocols shown in the logical view.<br \/>\nEach signature can be made up of two types of element:<\/p>\n<ul>\n<li>The Filter element, which describes an attribute to detect.<\/li>\n<li>The Payload element, which returns information to the user.<\/li>\n<\/ul>\n<p>A signature can contain several Filter elements, and each Payload refers to a Filter:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<p>&nbsp;<\/p>\n<div style=\"text-align: center;\">\n<figure id=\"post-15696 media-15696\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15696 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I7-1.png\" alt=\"\" width=\"320\" height=\"289\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I7-1.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I7-1-211x191.png 211w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I7-1-43x39.png 43w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<p><i><u>Figure 5: Example MODBUS signature<\/u><\/i><\/p>\n<\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>Filter elements are mainly used to describe protocol attributes 
at layers 2 to 4 of the OSI model. Here is a list of the Filter elements currently available:<\/p>\n<figure id=\"post-15698 media-15698\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15698 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I8.png\" alt=\"\" width=\"400\" height=\"179\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I8.png 400w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I8-71x32.png 71w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Table 1: All available filters<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>Payload elements, for their part, are used to add a description to a network element, to extract values from a packet, or to display information depending on whether a pattern is present in a packet.<br \/>\nThe current version of GRASSMARLIN (v3) has 54 signatures covering commonly used industrial protocols. 
Since the tool was only recently open-sourced (28\/01\/16), the signature library is likely to grow over the coming years.<br \/>\nSignatures are written in XML; however, a graphical tool, FingerPrint Editor, is provided to make creating signatures easier:<\/p>\n<figure id=\"post-15700 media-15700\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15700 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I9-1.png\" alt=\"\" width=\"400\" height=\"308\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I9-1.png 400w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I9-1-248x191.png 248w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I9-1-51x39.png 51w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I9-1-156x121.png 156w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I9-1-155x120.png 155w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 6: Fingerprint Editor, a graphical signature-editing tool<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<h3>Physical view<\/h3>\n<p>The physical topology shows the existing physical connections between devices.<\/p>\n<figure id=\"post-15702 media-15702\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15702 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I10-1.png\" alt=\"\" width=\"640\" height=\"330\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I10-1.png 640w, 
https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I10-1-370x191.png 370w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I10-1-71x37.png 71w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 7: Physical view<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>These views, more oriented towards network connectivity, show the existing physical links between industrial devices and their connections to network equipment.<br \/>\nTo date only Cisco routers are supported, and the views are generated from the output of the following 3 commands:<\/p>\n<ul>\n<li>\u201cshow running-config\u201d<\/li>\n<li>\u201cshow ip arp\u201d (OR) \u201cshow mac address-table\u201d<\/li>\n<li>\u201cshow interfaces\u201d<\/li>\n<\/ul>\n<p>Once the output of these commands has been saved to a text file, GRASSMARLIN can generate the physical view from it.<\/p>\n<h3>Data sharing<\/h3>\n<p>GRASSMARLIN handles data export with 3 types of export:<\/p>\n<ul>\n<li>Export of the views as images (PNG).<\/li>\n<li>Export of the data in XML format:\n<ul>\n<li>Saves the entire connection tree of the logical view.<\/li>\n<li>This data can be used as session data at the next import.<\/li>\n<\/ul>\n<\/li>\n<li>Export of the data for sharing: creates an archive containing the data in XML format and the generated network capture files.<\/li>\n<\/ul>\n<h2>Test bench trials<\/h2>\n<p>Tests were carried out on one of Solucom's industrial IS mock-ups in order to confront 
the tool with a concrete use case involving real industrial devices.<\/p>\n<h3>The test bench<\/h3>\n<p>The test bench simulates a railway switch and consists of:<\/p>\n<ul>\n<li>1 Siemens human-machine interface (HMI);<\/li>\n<li>1 Siemens PLC;<\/li>\n<li>2 Schneider PLCs;<\/li>\n<li>1 managed switch.<\/li>\n<\/ul>\n<figure id=\"post-15704 media-15704\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15704 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I11.jpg\" alt=\"\" width=\"320\" height=\"239\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I11.jpg 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I11-256x191.jpg 256w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I11-52x39.jpg 52w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 8: Photo of the test bench<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>A workstation running Grassmarlin is connected directly to a mirroring port on the switch and therefore sees all of the mock-up's communications. 
Moreover, since no Cisco equipment was present on the mock-up, only the logical view was tested.<\/p>\n<h3>Running the tests<\/h3>\n<p>Following a real-time capture of frames, GRASSMARLIN generated the following logical view:<\/p>\n<figure id=\"post-15706 media-15706\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15706 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I12-1.png\" alt=\"\" width=\"320\" height=\"281\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I12-1.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I12-1-218x191.png 218w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I12-1-44x39.png 44w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div style=\"text-align: center;\"><i><u>Figure 9: Logical view of the mock-up<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<div style=\"text-align: left;\">And, after (manual) rearrangement of the view, we obtain the following view:<\/div>\n<p>&nbsp;<\/p>\n<figure id=\"post-15708 media-15708\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15708 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I13-1.png\" alt=\"\" width=\"320\" height=\"169\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I13-1.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I13-1-71x37.png 71w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 10: Logical view of the mock-up, rearranged<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>The 
time for devices to appear on the map is almost instantaneous once traffic is received. GRASSMARLIN correctly identifies all the devices present and reports the communication protocols in use.<br \/>\nLikewise, an XML output file is correctly generated by the export functions. It summarises all the information extracted by GRASSMARLIN and makes the data easier to reuse:<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-15710 media-15710\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15710 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I14-1.png\" alt=\"\" width=\"640\" height=\"406\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I14-1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I14-1-301x191.png 301w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I14-1-61x39.png 61w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 11: XML output file<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>However, some limitations were observed:<\/p>\n<ul>\n<li>Signatures are not matched concurrently<br \/>\nIf a device matches several signatures, only one signature is detected. This can be a problem in particular for an HMI that potentially communicates with different PLCs using several communication protocols.<\/li>\n<li>Lack of verbosity in some signatures<br \/>\nSignatures include description fields in their Payload that are meant to describe the role of the identified device as precisely as possible. 
These fields may initially be left empty or sparsely filled in, which can make identification harder.<\/li>\n<li>Limited analysis of exchanges<br \/>\nGRASSMARLIN currently provides only basic analysis elements for communications: packet sizes and send times. As a possible improvement to its analysis function, we could for example mention implementing cycle recognition in the exchanges between HMIs and PLCs.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Other passive topology detection tools are available on the market. However, GRASSMARLIN is currently one of the few, if not the only one, to be both aimed at industrial IS and open source.<br \/>\nBy comparison, another tool called <a href=\"http:\/\/www.netresec.com\/?page=NetworkMiner\" target=\"_blank\" rel=\"noopener\">NetworkMiner<\/a>\u00a0can also build network topologies using the signatures of other tools, notably: <a href=\"https:\/\/nmap.org\/\" target=\"_blank\" rel=\"noopener\">nmap<\/a>, <a href=\"http:\/\/lcamtuf.coredump.cx\/p0f3\/\" target=\"_blank\" rel=\"noopener\">p0f<\/a> and <a href=\"https:\/\/ettercap.github.io\/ettercap\/\" target=\"_blank\" rel=\"noopener\">Ettercap<\/a>. 
However, it does not ship with signatures for industrial protocols at installation and is therefore not as precise as GRASSMARLIN.<\/p>\n<figure id=\"post-15712 media-15712\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15712 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I15-1.png\" alt=\"\" width=\"320\" height=\"268\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I15-1.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I15-1-228x191.png 228w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I15-1-47x39.png 47w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 12: NetworkMiner output for 2 Siemens PLCs<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>&nbsp;<\/p>\n<figure id=\"post-15714 media-15714\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-15714 size-full aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I16-1.png\" alt=\"\" width=\"320\" height=\"287\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I16-1.png 320w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I16-1-213x191.png 213w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I16-1-43x39.png 43w\" sizes=\"auto, (max-width: 320px) 100vw, 320px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 13: Another example, the p0f tool used with 2 Siemens PLCs<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<div><\/div>\n<figure id=\"post-15716 media-15716\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15716 size-full\" 
src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I17-1.png\" alt=\"\" width=\"640\" height=\"209\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I17-1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I17-1-437x143.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I17-1-71x23.png 71w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<div style=\"text-align: center;\"><i><u>Figure 14: GRASSMARLIN output with 2 Siemens PLCs<\/u><\/i><\/div>\n<div style=\"text-align: center;\"><\/div>\n<p>We should also mention Sentryo's commercial solution, which is dedicated to industrial IS. This solution does not merely create a map at a given point in time; it can also alert on any variation from the usual communications, and thus detect security events. 
During the demonstration we attended, the level of detail provided on the PLCs (Schneider and Siemens at a minimum) was far greater than what can currently be obtained with Grassmarlin (make, model, PLC components and firmware version, for example).<\/p>\n<figure id=\"post-15718 media-15718\" class=\"align-none\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15718 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I18-1.png\" alt=\"\" width=\"640\" height=\"240\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I18-1.png 640w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I18-1-437x164.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I18-1-71x27.png 71w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure>\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><\/div>\n<div style=\"text-align: center;\"><i><u>Figure 15: Excerpt of a map generated by Sentryo (<a href=\"https:\/\/www.sentryo.net\/how-to-start-your-ics-cybersecurity-project\/\">https:\/\/www.sentryo.net\/how-to-start-your-ics-cybersecurity-project\/<\/a>)<\/u><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>La premi\u00e8re \u00e9tape dans un projet de s\u00e9curisation de son SI industriel est bien souvent la cr\u00e9ation, ou la fiabilisation, d\u2019un inventaire de l\u2019ensemble des composants. En effet, l\u2019inventaire et la documentation existante peuvent s\u2019av\u00e9rer insuffisant ou non-fiable. 
C\u2019est \u00e0&#8230;<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36],"tags":[3898,1069,1260],"coauthors":[780,3897],"class_list":["post-15683","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-digital-trust","tag-open-source","tag-outil","tag-si-industriel"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Test de Grassmarlin, outil open-source de cartographie passive pour SI industriels - RiskInsight<\/title>\n<meta name=\"description\" content=\"La premi\u00e8re \u00e9tape dans un projet de s\u00e9curisation de son SI industriel est bien souvent la cr\u00e9ation, ou la fiabilisation, d\u2019un inventaire de l\u2019ensemble des composants. En effet, l\u2019inventaire et la documentation existante peuvent s\u2019av\u00e9rer insuffisant ou non-fiable.C\u2019est \u00e0 ce besoin que r\u00e9pond l\u2019outil GRASSMARLIN en fournissant une solution de cartographie r\u00e9seau passive adapt\u00e9e au secteur industriel.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Test de Grassmarlin, outil open-source de cartographie passive pour SI industriels - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"La premi\u00e8re \u00e9tape dans un projet de s\u00e9curisation de son SI industriel est bien souvent la cr\u00e9ation, ou la fiabilisation, d\u2019un inventaire de l\u2019ensemble des 
composants. En effet, l\u2019inventaire et la documentation existante peuvent s\u2019av\u00e9rer insuffisant ou non-fiable.C\u2019est \u00e0 ce besoin que r\u00e9pond l\u2019outil GRASSMARLIN en fournissant une solution de cartographie r\u00e9seau passive adapt\u00e9e au secteur industriel.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-07T09:00:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-07T15:16:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png\" \/>\n<meta name=\"author\" content=\"Arnaud Soulli\u00e9, Achraf Moussadek Kabdani\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Soulli\u00e9, Achraf Moussadek Kabdani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\"},\"author\":{\"name\":\"Arnaud Soulli\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\"},\"headline\":\"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems\",\"datePublished\":\"2016-03-07T09:00:41+00:00\",\"dateModified\":\"2021-07-07T15:16:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\"},\"wordCount\":1891,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png\",\"keywords\":[\"open-source\",\"outil\",\"SI industriel\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\",\"name\":\"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png\",\"datePublished\":\"2016-03-07T09:00:41+00:00\",\"dateModified\":\"2021-07-07T15:16:51+00:00\",\"description\":\"The first step in a project to secure an industrial information system is very often the creation, or the consolidation, of an inventory of all its components. Indeed, the existing inventory and documentation may prove insufficient or unreliable. The GRASSMARLIN tool addresses this need by providing a passive network mapping solution suited to the industrial 
sector.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\",\"name\":\"Arnaud Soulli\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems - RiskInsight","description":"The first step in a project to secure an industrial information system is very often the creation, or the consolidation, of an inventory of all its components. 
Indeed, the existing inventory and documentation may prove insufficient or unreliable. The GRASSMARLIN tool addresses this need by providing a passive network mapping solution suited to the industrial sector.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/","og_locale":"en_US","og_type":"article","og_title":"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems - RiskInsight","og_description":"The first step in a project to secure an industrial information system is very often the creation, or the consolidation, of an inventory of all its components. Indeed, the existing inventory and documentation may prove insufficient or unreliable. The GRASSMARLIN tool addresses this need by providing a passive network mapping solution suited to the industrial sector.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/","og_site_name":"RiskInsight","article_published_time":"2016-03-07T09:00:41+00:00","article_modified_time":"2021-07-07T15:16:51+00:00","og_image":[{"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png","type":"","width":"","height":""}],"author":"Arnaud Soulli\u00e9, Achraf Moussadek Kabdani","twitter_misc":{"Written by":"Arnaud Soulli\u00e9, Achraf Moussadek Kabdani","Est. 
reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/"},"author":{"name":"Arnaud Soulli\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79"},"headline":"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems","datePublished":"2016-03-07T09:00:41+00:00","dateModified":"2021-07-07T15:16:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/"},"wordCount":1891,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png","keywords":["open-source","outil","SI industriel"],"articleSection":["Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/","url":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/","name":"Testing Grassmarlin, an open-source passive mapping tool for industrial information systems - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png","datePublished":"2016-03-07T09:00:41+00:00","dateModified":"2021-07-07T15:16:51+00:00","description":"The first step in a project to secure an industrial information system is very often the creation, or the consolidation, of an inventory of all its components. Indeed, the existing inventory and documentation may prove insufficient or unreliable. The GRASSMARLIN tool addresses this need by providing a passive network mapping solution suited to the industrial sector.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/04\/I1-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2016\/03\/test-de-grassmarlin-outil-open-source\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Testing Grassmarlin, an open-source 
passive mapping tool for industrial information systems"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79","name":"Arnaud 
Soulli\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15683"}],"version-history":[{"count":4,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15683\/revisions"}],"predecessor-version":[{"id":15727,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15683\/revisions\/15727"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15683"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}