Monitoring in ICS/SCADA environment
Possibilities of SCADA monitoring with Flowmon Probe/Collector and ADS module.
Product: Flowmon OS, ADS
Is it possible to monitor the SCADA environment with Flowmon products?
|Steps to Reproduce:|
Flowmon Probes are able to monitor L3 (IP layer) and above. All IP communication in SCADA networks can be monitored.
Probes can offer visibility to the following IoT protocols:
ADS module is able to detect suspicious behavior in the network with standard methods such as:
It is possible to use IDS Probe (Suricata) together with ADS for IDS detections. There is a default rule set for the SCADA environment and other rule sets are available (eg. https://github.com/CyberICS/Suricata-Rules-for-ICS-SCADA).