Industrial Cybersecurity Firm Claroty Releases Open Source Database Parser

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications.

AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection (CTD)’s Application DB (AppDB), which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems (ICS).

Provided as a Python library, AccessDB Parser allows users to easily automate the process of reading and analyzing any .mdb or .accdb Access database file.

“This can be very helpful to go over a large number of files and extract the needed data or perform the relevant tests very easily,” Uri Katz, a senior researcher at Claroty, who led the development of the tool, told SecurityWeek.

Asked to share specific examples of issues that can be uncovered using the open source tool, Katz explained, “Project files usually contain important information about the SCADA environment, including what assets are in the network, what programs are those assets running, and some configuration data relevant to those assets.

“After testing and processing a few dozens of such project files in our lab, we detected a deviation related to some mis-configuration in some of the project files we had in our lab. Since we used our python library, it was relatively easy to spot the mis-configuration since we could automate the entire process.”

Learn more about ICS security tools at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

Katz pointed out that every SCADA project is constructed differently, with some vendors using a well-known and well-documented file structure, while others preferring to develop a proprietary binary format structure.

“However, we discovered that many vendors such as Rockwell and Schneider, in some of their SCADA applications, are specifically using the AccessDB (mdb) database format to store the information required for the project file. By providing an AccessDB parser we are actually helping the community to parse and extract the relevant information from those project files,” the researcher explained.

Claroty has released the AccessDB Parser source code on GitHub and it has created a video showing the tool in action.

Related: Slack Releases Open Source Secure Development Lifecycle Tool

Related: Open Source Tool From FireEye Automates Analysis of Flash Files

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities