Home
Resources
N2OS Software Development Kit
The N2OS Software Development Kit (SDK).
Scriptable protocols
The Lua scripting API for building a custom protocol decoder.
Setup
Do this procedure to add a new scriptable protocol.

Resources
- Release Notes
  Access the release notes for release-based products.
- N2OS Configuration
  The N2OS Configuration - Reference Guide.
- N2OS Software Development Kit
  The N2OS Software Development Kit (SDK).
  - Scriptable protocols
    The Lua scripting API for building a custom protocol decoder.
    - Architecture
    - Setup
      Do this procedure to add a new scriptable protocol.
    - Script parameters
    - Writing a standalone scriptable protocol
    - Writing an extension scriptable protocol
    - API reference
  - Scriptable variables
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - OpenAPI
    The scriptable variables correlation feature allows users to implement custom checks on the way variable values change over time. This section covers how such scripts can be implemented and used.
  - Data model reference
    The data model reference for query entities.
  - Data integration best practices
    A description of best practices when using Nozomi Networks data integration with Syslog integration or OpenAPI calls.
- Integration Guides
  Integration guides to help you use applications that integrate with Nozomi Networks products.
- Reference Guides
  Additional reference guides with information on items such as Alerts and Incidents and Federal Information Processing Standards (FIPS).
- Quick Start Guides
  Hardware Quick Start Guides.
- Security
  Stay up-to-date with the most recent information and solutions for all vulnerabilities that affect Nozomi Networks products.
- Print format documentation
  A list of all the technical documentation that is available in print format.
- Documentation archive
  Access previous versions of the technical documentation.

Setup

Do this procedure to add a new scriptable protocol.

To add a new scriptable protocol there are two options:

Explicit configuration
Handle as custom user contents

Explicit configuration

Copy the Lua script in /data/scriptable_protocols/
Configure Guardian with this rule conf.user configure probe scriptable-protocol <protocol_name> <script_name> in command-line interface (CLI)(<script_name> is the name of the file including the extension)
There is no need to restart the intrusion detection system (IDS) after the scriptable protocol configuration: the system will automatically activate it (alongside any other scriptable protocols already configured)

Custom user contents

Make sure that the scriptable protocol parameters (most importantly, the name) have been set via comments in the script body.
Add the .content extension to the script file name.
Copy the Lua script in /data/contents/scriptable_protocols/
Notify IDS that the scriptable protocols contents have changed by issuing in the CLI: ids contents_reload {"content_type": "scriptable_protocols"}
There is no need to restart the IDS, the system will automatically activate all scriptable protocols delivered as contents, together with all those that have been explicitly configured.

After these steps the new protocol is loaded in Guardian and will analyze the network traffic.