SCADAfence



SCADAfence Platform is an industrial network monitoring system that provides cybersecurity and visibility for ICS/SCADA networks. It provides automatic asset discovery and inventory management, threat detection, and risk management. By using a wide range of algorithms, machine learning (ML) and artificial intelligence (AI), it detects anomalies and security events that can compromise availability and affect the safety and reliability of the OT network and its assets.

SCADAfence provides visibility into HMI, Historian Server, and PLC activity by monitoring switch mirror ports. More information on the SCADAfence solution can be found in SCADAfence OT Security Overview.

The following instructions are for configuring SCADAfence to facilitate log ingestion into Secureworks® Taegis™ XDR.

Important

Adding this integration to your XDR tenant requires Taegis™ XDR for OT. Contact your account manager or CSM to acquire the required license.

Connectivity Requirements

| Source | Destination | Port/Protocol |
|---|---|---|
| SCADAfence Platform | Taegis™ XDR Collector (mgmt IP) | TCP/601 |

Data Provided from Integration

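|  | Antivirus | Auth | DHCP | DNS | Email | Encrypt | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SCADAfence |  |  |  |  |  |  |  |  |  | D | D |  | Y |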

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configure the SCADAfence Platform

Syslog Server

Enter the following information:

| Option | Required Value |
|---|---|
| Syslog Configuration Name | A unique string |
| IP Address | XDR Collector (mgmt IP) |
| Port | 601 |
| Type | "TCP" |
| Severity Threshold | "Warning" |
| Record Type | "Extra long" |
| Delimiter Character | "Default" |
| Enabled | "YES" |
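
To confirm the TCP/601 connectivity requirement before enabling the Syslog Server entry, the following added example (not part of the Taegis or SCADAfence documentation) classifies a single TCP connection attempt to the collector. The function name, result labels, hints, and the sample address 192.0.2.10 are assumptions made for illustration; run it from a host on the same network segment as the SCADAfence Platform.

```python
import errno
import socket
import sys

SYSLOG_PORT = 601  # TCP port from the Connectivity Requirements table

# Next step for each result (labels are this example's own, not vendor terms).
HINTS = {
    "open": "collector accepts connections on this port",
    "refused": "connection refused; nothing listening or a rejecting firewall",
    "filtered": "no reply before timeout; check firewalls on the path",
    "unreachable": "no route to the collector; check routing",
    "unresolved": "name did not resolve; use the collector mgmt IP",
}


def check_collector(host, port=SYSLOG_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unresolved"
    family, socktype, proto, _, sockaddr = info
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    finally:
        sock.close()


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (constructed); pass the real mgmt IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    result = check_collector(target)
    print(f"{target}:{SYSLOG_PORT} -> {result}: {HINTS.get(result, 'unexpected error')}")
    sys.exit(0 if result == "open" else 1)
```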

Example Query Language Searches

To search for netflow events from the last 24 hours:

`FROM netflow WHERE sensor_type = 'SCADAfence' and EARLIEST=-24h`

To search for nids events:

`FROM nids WHERE sensor_type = 'SCADAfence'`

 
