Charles and I have generated a set of functions, scripts and documents for producing normalized Security Event Monitor (SEM) output and integrating the output with SEMs. Our target for this release was Tenable’s Security Center, but the concepts and output will be similar for most SEMs. For more information, see the Portaledge SEM Integration page on Digital Bond’s SCADApedia.
As we wind down with this set of deliverables, we now set our sights on creating a module that will help asset owners meet some of the NERC-CIP requirements.
If you are an asset owner in the electrical generation or distribution market, then odds are pretty good that you have a PI Historian monitoring your control system. And if you are in North America, you are facing the NERC-CIP requirements. With our forthcoming module, Portaledge will parse a variety of system log sources (PCs, field devices, IDSs, firewalls and communication devices), add them into the PI Historian as points (meeting the NERC requirements), and use the points as data for monitoring and correlation to provide further alerting and information on potential attacks.
Portaledge then becomes a tool to help asset owners meet NERC requirements, archiving the log file via the PI Historian. Portaledge is available to Digital Bond’s content subscribers.