creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 06:34:57 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/detecting-attacks-on-historian-servers/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

49 lines
1.9 KiB
Markdown
Raw Blame History

# Historian Server Attack Detection — API Reference
## Common Historian Platforms
| Platform | Vendor | Default Port |
|----------|--------|-------------|
| PI Data Archive | OSIsoft/AVEVA | 5457 |
| PI Web API | OSIsoft/AVEVA | 443/5459 |
| Wonderware Historian | AVEVA | 1433 (SQL) |
| FactoryTalk Historian | Rockwell | 1433 (SQL) |
| Ignition Gateway | Inductive Automation | 8088 |
| iFIX Historian | GE Digital | 5051 |
## OSIsoft PI Web API Endpoints
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/piwebapi/system` | System information and version |
| GET | `/piwebapi/points` | List PI data points |
| GET | `/piwebapi/streams/{webId}/value` | Get current point value |
| GET | `/piwebapi/streams/{webId}/recorded` | Get historical recorded values |
| GET | `/piwebapi/dataservers` | List configured data servers |
## Ignition Gateway Endpoints
| Endpoint | Description |
|----------|-------------|
| `/StatusPing` | Gateway health check |
| `/system/gwinfo` | Gateway system information |
| `/system/webdev` | Web development module |
| `/main/web/status` | Gateway status page |
## Attack Indicators
| Indicator | Description | Severity |
|-----------|-------------|----------|
| Anonymous API access | PI Web API accessible without auth | CRITICAL |
| Bulk data read | >10,000 points read in single session | CRITICAL |
| Brute force login | >5 failed logins from same IP | HIGH |
| Exposed gateway info | Ignition/PI info pages publicly accessible | HIGH |
| SQL injection on historian DB | Direct SQL queries to historian backend | CRITICAL |
## External References
- [OSIsoft PI Web API Reference](https://docs.aveva.com/bundle/pi-web-api-reference)
- [Ignition Gateway API](https://docs.inductiveautomation.com/docs/8.1/platform/gateway)
- [CISA ICS-CERT: Historian Security](https://www.cisa.gov/ics)
- [NIST SP 800-82 Rev 3](https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/final)
Reference in New Issue View Git Blame Copy Permalink