Today we released Quickdraw Version 4.1. This is our package of DCS and SCADA IDS signatures, preprocessors and plugins. With the refresh of the web site, we will walk you through what is where and what is new. The biggest addition in Version 4.1 is the 11 new signatures to detect attacks on known ICS vulnerabilities, but more on this in a bit.
There is a main Quickdraw page that has links to the tables of Modbus TCP, DNP3, EtherNet/IP and Vulnerability signatures, or rules in Snort parlance. For example, the DNP3 Rules page has a table with all of the rules, and a link to the documentation page for each rule.
Note: You will need to register or log in to download the Quickdraw package or view any of the individual rule documentation pages. You can register or log in from the right sidebar, and registration is free.
The Vulnerability Rules detect attacks on known ICS vulnerabilities. The number of these rules increased from 3 to 14, with 2 more ClearSCADA vuln rules pending. We are actively developing signatures for all the published ICS vulns and will be releasing them monthly until we catch up. The challenge is getting access to the equipment to actually test the exploit and signature, so if you have any way to help, let us know.