Basic structure
Navigation
| Number | Explanation |
|---|---|
| ① | Siemens logo: Siemens AG is the manufacturer of the SINEC Security Guard. |
| ② | SINEC Security Guard: Name of the product |
| ③ | 'Menu' button: This allows the menu to be expanded and collapsed so that the labels are displayed or hidden. |
| ④ | User profile: Log out of the ongoing SINEC Security Guard session; to use SINEC Security Guard again, a new login is then required. |
| ⑤ | Home: Overview on the most important values of the risk situation. |
| ⑥ | Threat focus: Overview of vulnerabilities that affect products in the plant. |
| ⑦ | Asset focus: Overview of zones and assets in the plant that are affected by vulnerabilities. |
| ⑧ | Attacks: Overview of security events detected by the installed sensors that may have been triggered by cybersecurity attacks. |
| ⑨ | Task management: Overview of tasks which had been defined to handle vulnerabilities of assets. |
| ⑩ | Inventory: Overview of all assets that SINEC Security Guard monitors. |
| ⑪ | Zone management: Overview of the created zones and the assigned assets. |
| ⑫ | Sensor management: Overview of the sensors for attack detection. |
| ⑬ | Display change: Options for language and visual representation. |
| ⑭ | About & legal information: Overview of various legal and version-related information, the documentation, and contact. |
Home
The Home section provides information about the current status of SINEC Security Guard.
In the upper area, tiles (①-④) show KPIs that are relevant for the assessment of the security situation of the plant. Most of these tiles are clickable and link to the relevant pages.
These tiles are always shown, regardless of their urgency:
-
'Assets by risk level'
Each supported asset is counted with its highest total risk level; an asset with the risk levels '3 x High' and '1 x Low' counts as '1 x High' (since it is an asset and its highest risk level is 'High'). Clicking on this tile will redirect to the Asset focus page.
-
'Open asset vulnerabilities'
Each vulnerability counts with the risk level assigned to it; if an asset has 4 vulnerabilities with the risk levels '3 x High' and '1 x Low', the 'High' counter is increased by 3 and the 'Low' counter by 1. Clicking on this tile will redirect to the Threat focus page.
-
'Application overview'
Total number of assets in the inventory and the number of these that are compatible with SINEC Security Guard. In addition, the installed sensors and the time of the last inventory update are specified. Clicking on this tile will redirect to the Inventory page.
-
Optional: 'Microsoft Sentinel'
Number of security events over the last 30 days; these security events had been sent to Microsoft Sentinel automatically. There is no redirection for this tile.
In the lower area, tiles provide information about urgent fields of activity (⑤-⑦). Tiles are only shown for activity fields where there is an urgent need for change. Fields of activity without an urgent need for change are hidden and only displayed when there is a need for change.
-
Optional: 'Attacks with status 'Open''
These possible attacks are still in the managing status 'Open'. Clicking on this tile will redirect to the Attacks page.
-
'Assets not assigned to zones'
The risk level cannot be calculated for such assets. All assets should therefore be assigned to zones or the list of assets to ignore. Clicking on this tile will redirect to the Zone management page.
-
New vulnerabilities dectected in the last 30 days
The known sources of vulnerability descriptions are checked. All newly released vulnerabilities for assets from the inventory during the past 30 days are counted here. Clicking on this tile will redirect to the Threat focus page.
| Number | Tile |
|---|---|
| ① | Asset by risk level |
| ② | Threats |
| ③ | Application overview |
| ④ | Microsoft Sentinel |
| ⑤ | Number of detected security events |
| ⑥ | Number of assets that are not yet assigned to any zones |
| ⑦ | Number of newly detected vulnerabilities |
Threat focus
This area lists all vulnerabilities ③ that are known for supported assets from the inventory. When you click on a vulnerability, additional details about it ④ are shown.
To list all products and assets affected by the vulnerability and define appropriate tasks, select a vulnerability and navigate to the 'Assets and tasks' area ⑤.
| Icon | Description |
|---|---|
| ① | Sort order selection button |
| ② | Sort order selection button |
| ③ | List of existing vulnerabilities |
| ④ | Details of the selected vulnerability |
| ⑤ | Button to jump to 'Assets and tasks' |
Vulnerability
Additional information is displayed for each vulnerability.
The CVSS rating is as follows:
| Rating | CVSS score | Color coding |
|---|---|---|
| None | 0.0 | (none) |
| Low | 0.1 – 3.9 | Blue |
| Medium | 4.0 – 6.9 | Yellow |
| High | 7.0 – 8.9 | Orange |
| Critical | 9.0 – 10.0 | Red |
| Icon | Description |
|---|---|
| ① | Title of the vulnerability |
| ② | ID of the vulnerability |
| ③ | Publisher of the vulnerability description |
| ④ | Age of the vulnerability description |
| ⑤ | Total risk level: Highest risk and number of assets affected by the highest risk |
| ⑥ | Total number of assets affected by this vulnerability, across all risk levels; this total number also includes the assets affected by the total risk level |
| ⑦ | CVSS score of the vulnerability; the value is also shown in color |
Details of the selected vulnerability
Only information related to assets included in the inventory is displayed.
Description
This area shows information about the description of the vulnerability as well as its impact and occurrences on assets in the plant; see 'Threat details'. This area shows options to fix the vulnerability or at least to reduce its impact or lessen the vulnerability; see 'Threat details'.
| Icon | Description |
|---|---|
| ① | Information on the origin of the vulnerability |
| ② | Distribution of the individual risk levels over all of the affected assets; see color bar for risk level. |
| ③ | Information on the effects of the vulnerability |
| ④ | Product families affected by the vulnerability |
| ⑤ | Zones affected by the vulnerability |
Recommended action
This area shows options to fix the vulnerability or at least to reduce its impact or to lessen the vulnerability.
The list of affected products and solutions describes each product with affected firmware versions and the corresponding solution; the link leads to the product page, from where a newer firmware version can be downloaded if necessary.
| Icon | Description |
|---|---|
| ① | Workarounds and mitigation |
| ② | List of affected products and solutions |
Assets and tasks
This area shows affected products and the individual assets as well as tasks planned for them. If a product ③ from the product list ② is expanded, all individual assets ④ of this product are displayed.
If you select an asset, the recommendations and tasks ⑥ are displayed and offered for selection. Changes to the tasks are applied immediately. See 'Task definition'. Asset details ⑤ can also be displayed for each asset.
Clicking the 'Close' button ⑦ takes you back to the 'Threat focus' page.
| Icon | Description |
|---|---|
| ① | Title of the vulnerability |
| ② | List of affected products and individual assets |
| ③ | Product (expanded) |
| ④ | Asset of a product ③ |
| ⑤ | 'Show asset details' button |
| ⑥ | List of recommendations and tasks |
| ⑦ | 'Close' button |
Asset focus
This area lists all zones, products, and assets from the inventory for which at least one vulnerability is known. Assets that are free of vulnerabilities are not displayed.
You can display all vulnerabilities of the selected asset and define appropriate tasks.
Zone overview
This area lists the zones affected by vulnerabilities ② and shows how they are affected ⑤. Clicking on a zone opens the 'Assets list'.
You can filter zones ① or adjust the sorting of zones ③.
Additional information is provided for each zone (④-⑦).
| Number | Description |
|---|---|
| ① | Input field for filtering the zones |
| ② | List of zones |
| ③ | Sort button |
| Number | Description |
|---|---|
| ④ | Zone name |
| ⑤ | Distribution of the individual risk levels over all of the affected assets; see color bar for risk level. |
| ⑥ | Number of assets in this zone affected by at least one vulnerability. |
| ⑦ | Ratio between [the total number of assets in this zone] and [the number of affected assets in this zone]; at '100%', every asset contained in the zone is affected by at least one vulnerability. |
Asset list for zones
This area shows information about the selected zone as well as all products and assets in the inventory that are part of the zone and affected by at least one vulnerability.
Clicking the button ① takes you back to the 'Zone overview'.
The zone details ② show important information about the zone.
The list of products ③ shows products that contain at least one asset that is in the zone and is affected by a vulnerability. Clicking on it displays all affected assets ④. Details can be displayed for a selected asset ⑥.
After you select an asset and then navigate to the 'Threats and tasks' area ⑥, all vulnerabilities of the selected asset can be viewed and appropriate tasks can be defined. For each affected asset, the greatest risk level due to the currently pending vulnerabilities ⑦ is shown. It also shows how many of these pending vulnerabilities are still in the 'Open' status, and what the highest risk level of the open vulnerabilities is ⑩.
| Number | Description |
|---|---|
| ① | Name of the selected zone and navigation back to the 'Zone overview' |
| ② | Zone details display important information about the zone |
| ③ | List of products affected by vulnerabilities |
| ④ | Highest risk level of the assets of the respective product |
| ⑤ | Button to switch to 'Threats and tasks' |
| ⑥ | Display of asset details |
| Number | Description |
|---|---|
| ⑦ | Highest risk level due to an unfixed vulnerability on this asset |
| ⑧ | Asset name |
| ⑨ | IP address of the asset |
| ⑩ | Number and highest risk level of 'Open Threats' |
Asset overview
Assets-tab ② in Asset focus shows all the vulnerable assets regardless of zone assignment. This view allows quick search for the specific asset.
| Number | Description |
|---|---|
| ① | Zones-tab displays asset risk information grouped by zone |
| ② | Assets-tab displays all the assets affected by vulnerabilities in the system |
Threats and tasks
This area shows threats that affect the selected asset ①, as well as recommended or scheduled tasks and, if applicable, asset details ③.
The list of threats ② shows which different threats threaten the security of the asset.
The risk level ⑧ shows how high the risk to the asset is from this threat. The detection date ⑫ indicates when the system first received information about the threats. Vulnerabilities that have already been managed can be hidden ④.
Details of the selected vulnerability ⑤ can be displayed, see 'Threat details'.
When you select an asset, the recommendations and tasks ⑥ are displayed and offered for selection. Changes to the tasks are applied immediately.
Clicking the 'Close' button ⑦ takes you back to the 'Asset list'.
| Number | Description |
|---|---|
| ① | Information about the asset (name, zone, IP address, installed firmware version) |
| ② | List of asset vulnerabilities |
| ③ | 'Asset details' button |
| ④ | 'Hide managed' button |
| ⑤ | 'Threat details' button |
| ⑥ | List of recommendations and tasks; see 'Task definition' |
| ⑦ | 'Close' button |
| Number | Description |
|---|---|
| ⑧ | Risk level of this vulnerability for this asset |
| ⑨ | Title of the vulnerability |
| ⑩ | Organization that disclosed the vulnerability (ID) |
| ⑪ | Brief description of the vulnerability |
| ⑫ | Date of detection of the vulnerability for this asset |
| ⑬ | Status of the vulnerability |
Attacks
This area displays security events detected by the installed and onboarded sensors. Security events can turn out to be real attacks.
When you select a security event from the list of detected security events ④, additional details about it ① are shown. In the progress status ⑤, the progress of processing a security event can be logged manually.
The procedure for installing new sensors is described in Installation of attack sensors.
| Number | Description |
|---|---|
| ① | Detail area with information about a selected security event |
| ② | Button to select the sort order |
| ③ | Button to select all listed security events |
| ④ | List of detected security events |
| ⑤ | Progress status of a selected security event |
Security event
For each security event, information is displayed to facilitate easier navigation through the list of security events.
Selecting a security event displays detailed information and the current progress status. Changes to the status are applied immediately. If several assets are selected together, the same status information can be entered for them together.
| Number | Description |
|---|---|
| ① | Title of the security event type |
| ② | ID of the sensor that detected the security event |
| ③ | Button for selecting the security event |
| ④ | Progress status of the security event |
| ⑤ | Source of description |
| ⑥ | Age of the security event |
Security event details
The information in this area will help you assess the time, type, and severity of a security event. All information can be downloaded as .JSON file ①. Link ④ leads directly to the MITRE ATT@CK database.
| Number | Description |
|---|---|
| ① | Button to download a .JSON file with additional information about the security event |
| ② | Detailed information about the occurrence of the security event |
| ③ | Detailed information about the signature of the security event |
| ④ | Detailed information about the classification of the security event |
Progress status
Here you can log how far the processing of a security event has progressed. When you click on a status (①, ②, ③), the respective status is entered. Further explanations can be entered in the input field ④. Changes to status or text are saved immediately.
| Number | Description |
|---|---|
| ① | 'Open' status (pre-selected for new security events) |
| ② | 'In progress' status |
| ③ | 'Closed' status |
| ④ | Input field for an optional comment |
Inventory
This area lists all assets that have been transferred from an update source (synchronization with Siemens Industrial Asset Hub or import from a .CSV file) to SINEC Security Guard. Their total number ① is displayed separately.
Note The parallel use of both import sources (Siemens Industrial Asset Hub and .CSV file) is not possible.
The inventory lists both supported and unsupported assets; see column 'Support' ③.
-
Supported
Assets for which SINEC Security Guard has received all necessary information regarding the product, asset and vulnerabilities; for supported assets, SINEC Security Guard can display information about vulnerabilities and their impact.
-
Unsupported
Assets for which one or more items of information regarding the product, asset or vulnerabilities is missing or unreachable. For unsupported assets, SINEC Security Guard does not display information regarding vulnerabilities. You need to take other measures for transparency of the threat situation for such assets and to ensure the secure operation of the asset.
Asset details ⑤ can be displayed for a selected asset.
Note The inventory and the zone management are the only areas in SINEC Security Guard in which unsupported assets are also displayed. All other views of SINEC Security Guard show only supported assets. The display of unsupported assets in the inventory shows assets for which SINEC Security Guard does not offer support and for which you need to take other measures to avert danger.
| Number | Description |
|---|---|
| ① | Total number of supported and unsupported assets in the inventory |
| ② | Input field for filtering the assets |
| ③ | List of assets |
| ④ | Point of time of last inventory update |
| ⑤ | 'Show asset details' button |
Configuration of the inventory
Table configuration can be customized by selecting the columns to be displayed.
The order of the columns can be changed by dragging and dropping the column to the desired position.
Necessity and impact of updates
During the update, the data from the update source replaces the previous inventory. The data is not added to the existing inventory.
During an update, the data for all assets in the future inventory must always be transferred together. Assets that are not present in the update source are removed from the inventory.
It is necessary to update the inventory if something changes in the hardware, firmware or configuration used, e.g. due to the replacement of assets, the installation of a firmware update or a changed IP address.
Per asset, an update has the following effect on new existing inventory:
| Asset exists in the previous inventory | Same asset exists in the update source (IAH or .CSV) | Effect on the new inventory |
|---|---|---|
| Yes | Yes | Asset data is replaced |
| Yes | No | Asset and all associated data and tasks are removed |
| No | Yes | Asset is newly added |
Note If a .CSV file contains two entries for the same asset, the last entry is always imported.
Synchronization with Siemens Industrial Asset Hub
Note The use of the update source Siemens Industrial Asset Hub is described here; importing from a .CSV file is then not possible. Contact Siemens Support if you have any questions.
The inventory automatically synchronizes with the Siemens Industrial Asset Hub in the background several times a day. Changes to assets or asset data in the Siemens Industrial Asset Hub are synchronized with SINEC Security Guard in a timely manner.
Import from a .CSV file
Note The use of the update source .CSV is described here; synchronization with Siemens Industrial Asset Hub is then not possible. Contact Siemens Support if you have any questions.
If an inventory is present in SINEC Security Guard, a note ② shows the age of the most recent import. If an inventory is present in SINEC Security Guard, a note ② shows the age of the most recent import.
The import process is initiated via a button:
-
① shows the button in the event that there is no inventory;
-
③ shows the button in the event that an inventory is already present.
To import from a file, all asset data must be stored in a .CSV file in a defined structure. The necessary structure of the file is specified in the current template file, which you can download using a corresponding button ④. Always use the structure of the latest template version: Using a structure unlike the current template file leads to an error, and the already existing inventory in SINEC Security Guard remains untouched.
Files to be uploaded must meet the following criteria:
| Criterion | Description |
|---|---|
| File Format | .CSV (Comma Separated Values) UTF8 |
| Content Structure | as current template file |
| Maximum File Size | 150MB |
| Maximum Number of Records | 6000 |
After the corresponding file has been selected ⑤ and the import has been initiated ⑥, these criteria are checked. If criteria are not met, the import is aborted and a corresponding error message is displayed in the status area ⑦.
| Number | Function |
|---|---|
| ① | Button to import asset data from a .CSV file |
| Number | Function |
|---|---|
| ② | Age of the most recent import |
| ③ | Button to import asset data from a .CSV file |
| Number | Function |
|---|---|
| ④ | Button to download the current .CSV template |
| ⑤ | Button to select the .CSV file with asset data |
| ⑥ | Button to start the import process |
| ⑦ | Status display of the import process |
Data in .CSV file
Note The structure of the .CSV file may change over time. Siemens recommends to always download the latest version of the .CSV file. You may edit the file with any text editor or spreadsheet editor. Formatting and column separation work according to the CSV standard.
The .CSV file's first row shows the column headers. Each further row contains the data of one asset.
The table below informs about the structure of the .CSV file; the table contains this information:
- Column: Each column in the .CSV file represents one parameter that adds data to each asset; each column needs to be part of the .CSV file, and the order of columns must be kept as shown.
- Description: Meaning of the parameter.
- Asset identification: Parameters which are marked as "Yes" are used to identify an asset as individual; if there is more than one row containing data of the same identified asset, only its first data row will be used and all other rows for this asset will be ignored.
- Column header is mandatory: 'Yes' means that the .CSV file must contain a column with this header. 'No' means that it is optional having a column with this header.
- Asset data is mandatory: 'Yes' means that per asset this column cell must contain data. 'No' means that it is optional providing data.
| Column | Description | Asset identification | Column header is mandatory | Asset data is mandatory |
|---|---|---|---|---|
| asset_name | Name of the asset | No | Yes | Yes |
| serial_number | Serial number of the asset | Yes | Yes | Yes |
| hardware_version | Hardware version of the asset | No | Yes | Yes |
| firmware_version | Version of the firmware that is currently installed on the asset | No | Yes | Yes |
| network_name | Name of the network the asset is part of | No | Yes | Yes |
| ip | IP address of the asset (V4 or V6) | No | Yes | No |
| mac | MAC address of the asset | No | Yes | Yes |
| product_article_number | Article number of the asset, to be retrieved from the vendor | Yes | Yes | Yes |
| product_vendor | Name of the company that has produced this asset | Yes | Yes | Yes |
| product_name | Name of the product - often used for non-Siemens assets | No | No | No |
| note | Leave any note here | No | Yes | No |
| zone_name | Name of the zone the asset belongs to | No | No | No. If empty: The asset gets applied to 'Unassigned assets'. If not empty: The asset gets applied to the zone of this name; if the zone doesn't yet exist, it becomes created. |
Zone management
The Zone management section provides an overview over all zones and their assets and allows to edit and assign assets to zones.
Zones are freely definable logical units, such as 'Brewing', 'Cooling', 'Environment', 'OT Network', etc.
Each asset can be assigned to a zone, and a zone can contain any number of assets. Its zone-specific values 'Business criticality' and 'Exposure' can be set for each zone.
All assets contained in a zone then adopt their zone values as their own values. On this basis, SINEC Security Guard can later calculate a risk level for each asset and vulnerability:
If, for example, Asset A is located in the 'chemical reactor' zone ('high business criticality', 'high exposure') and an identical Asset B is located in the 'shipping' zone ('low business criticality', 'medium exposure'), the risk level for Asset A will be higher than that for Asset B.
Zone-specific values
The following values of a zone occur in several places:
-
Number of assets
Counts all assets assigned to the zone.
-
Business criticality
Expresses how bad ('Negligible', 'Moderate', 'Critical', 'Disastrous') a failure or unsafe operation of the zone and its assets would be for the operation of the plant or the achievement of the production result.
-
Exposure
Expresses how much the zone and its components are exposed to external access. Consider all potential attack vectors (physical access, network access, etc.) and choose the lowest applicable degree of protection.
-
Individually rated
Number of assets that deviate from the zone default with respect to 'Business criticality' and/or 'Exposure'.
-
IP ranges
Number of different IP ranges created for this zone in step 2 of the Zone wizard.
-
Description
Free text to better identify the respective zone or to distinguish it from other zones.
Zone overview
The zone overview displays tiles for 'Unassigned assets' ①, 'Disregarded assets' ②, and manually created zones ⑦. The 'Zone wizard' allows for the creation of new zones ⑤ and modification of existing ones.
| Tile | Place for assets that... | Risk level... |
|---|---|---|
| 'Unassigned assets' ① | … have been newly added to the inventory or removed from 'Disregarded assets' or a zone | … is 'Undefined' for each asset, as 'Business criticality' and 'Exposure' cannot be determined |
| 'Disregarded assets' ② | … should be excluded from calculations and not considered in reports and KPIs/counters | … is not calculated, as the assets are meant to be ignored |
| Manually created zone ⑦ | … are part of a logical group within the facility and are often viewed and managed together | … is calculated and can be either 'Low', 'Medium', 'High', or 'Critical' |
Important values for each zone are displayed on the front and back of the respective tile (accessible via the buttons 'Flip view' ⑫ and 'Flip all' ④).
| Number | Element |
|---|---|
| ① | 'Unassigned assets' tile |
| ② | 'Disregarded assets' tile |
| ③ | Sort order selection button |
| ④ | 'Flip all' button |
| ⑤ | 'Create zone' button |
| ⑥ | Input field for filtering the zones |
| ⑦ | Area with manually created zones |
| Number | Element |
|---|---|
| ⑧ | Name of the zone |
| ⑨ | 'Business criticality' of the zone |
| ⑩ | 'Exposure' of the zone |
| ⑪ | Number of assets in this zone |
| ⑫ | 'Flip view' button |
| ⑬ | Individually rated |
| ⑭ | Number of 'IP ranges' |
Zone details
Zone details contain all zone-related values and offer functions to change the state of the zone. Clicking the button ① takes you back to the 'Zone overview'. The asset list ⑧ includes assets assigned to the zone.
The value 'Zone default' indicates that the asset adheres to the respective default value defined for the zone ⑥. An entry other than 'Zone default' means that a different value has been specified for this asset, counting it as 'Individually rated'. To better identify such non-default assets and, if necessary, reequip them with default settings, the 'Individually rated' button filters out assets with two default values.
A manually created zone can be modified via the 'Edit zone' button ④ and removed via the 'Delete zone' button ⑤.
| Number | Element |
|---|---|
| ① | Button for navigation to the 'Zone overview' |
| ② | Name of the selected zone |
| ③ | Button to display only those assets that are individually rated |
| ④ | 'Edit zone' button |
| ⑤ | 'Delete zone' button |
| ⑥ | Zone information |
| ⑦ | Input field for filtering assets |
| ⑧ | List of assets in the selected zone |
| ⑨ | Display of asset details |
Zone wizard
The 'Zone wizard' guides you through all the necessary steps when manually creating a new zone and also when editing an existing zone. You can switch to the respective step by clicking on a step or using the navigation buttons (⑥, ⑦):
-
Zone definition
-
IP range
-
Individual assets
-
Summary
The status of each step is displayed as follows (here using the example of the 'IP range' step: top row in 'unselected' status, bottom row in 'selected' status):
| Number | Status | Description |
|---|---|---|
| ① | Open | This step has not yet been processed |
| ② | Warning | This step contains data that needs attention |
| ③ | Error | This step contains one or more errors and prevents the wizard from completing |
| ④ | Successful | This step has been successfully completed |
The buttons for navigating through the 'Zone wizard' support you in step-by-step editing.
| Number | Action | Description |
|---|---|---|
| ⑤ | Cancel | Ends the 'Zone wizard' without creating a new zone; entered data will be discarded |
| ⑥ | Previous | Moves to the previous step (available from step 2 onwards) |
| ⑦ | Next | Moves to the following step (available until the penultimate step) |
| ⑧ | Create | Ends the 'Zone wizard' and creates a new zone with the entered data (only available in the last step) |
Zone definition
In this step, basic information about the zone is defined:
-
Zone name ②
The name of the zone. At least one character must be entered, and the zone name must not already be assigned to another zone.
-
Business criticality (③ - 'Negligible', 'Moderate', 'Critical', 'Disastrous')
Expresses how bad a failure or insecure operation of the zone and its assets would be for the operation of the facility or the achievement of the production outcome.
-
Exposure (④ - 'Low', 'Medium', 'High')
Expresses how much the zone and its components are exposed to external access; all possible attack vectors (physical access, network access, etc.) should be considered and the absolutely lowest applicable protection level should be entered.
-
Description ⑤
A text that explains the characteristics of the zone.
| Number | Element |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Zone name |
| ③ | Business criticality |
| ④ | Exposure |
| ⑤ | Description |
| ⑥ | Buttons for navigating through the 'Zone wizard' |
IP range
In this step, assets are added to the zone based on their belonging to an IP range.
Note Assets that are part of an IP range of the current zone and have been manually added to its exclusion list in step 'IP range' will not be listed in the step 'Individual assets'.
Any number of IP ranges ⑤ can be defined according to the IPv4 or IPv6 protocols (③, ⑥); the start IP address (⑧) and end IP address (⑨) are required for this. See also Checking user input.
IP ranges can be duplicated and also deleted (⑫, ⑬).
All assets that have at least one IP address in an IP range are automatically assigned to this range. If the IP address displayed with an asset is not in the IP range, the asset has other IP addresses, at least one of which is in the IP range.
The assignment of assets in an IP range to the zone can then be adjusted manually ⑪. For each IP range, it is shown how many assets from the IP range are actually assigned to the zone and how many assets are within the start and end addresses in principle ⑩.
The assignment of assets offers these lists:
-
Exclusion list ⑯
These assets are not assigned to the zone and remain part of the unassigned assets.
-
Assignment list ⑰
These assets are part of the zone.
It is possible to move all assets in a list ⑱ or individual assets ⑲ to the other list. The manufacturer, asset name and IP address are displayed for each asset ⑳. An input field ⑮ makes it possible to find specific assets within the lists (⑯, ⑰). The sorting of the assets can be changed (㉒).
| Number | Element |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Display of defined IP ranges |
| ③ | Button to create a new IP range |
| ④ | Buttons for navigation through the Zone wizard |
| Number | Element |
|---|---|
| ⑤ | IP range, consisting of start and end IP address |
| ⑥ | Button to create a new IP range |
| ⑦ | Total individual assets assigned via at least one IP range |
| ⑧ | Input field for start IP address |
| ⑨ | Input field for end IP address |
| ⑩ | Number of assigned assets |
| ⑪ | Button for navigation to manual assignment of assets |
| ⑫ | Button to display the menu |
| ⑬ | Menu with options |
| Number | Element |
|---|---|
| ⑭ | Button for navigation back to the display of IP ranges, as well as information on the selected IP range |
| ⑮ | Input field for searching assets within the IP range |
| ⑯ | List of assets to be excluded from this IP range |
| ⑰ | List of assets to be assigned to this IP range |
| ⑱ | Button to move all assets from the respective list to the other list (⑯/⑰) |
| ⑲ | Button to move this asset from the current list to the other list |
| ⑳ | Information on the asset (manufacturer, asset name, IP address) |
| ㉑ | Number of assets in the respective list |
| ㉒ | Button to adjust the sorting order |
Individual assets
In this step, assets are added to the zone that are searched for by criteria other than their IP address, e.g., by name or product type.
Note Assets that are part of an IP range of the current zone and have been manually added to its exclusion list in step 'IP range' will not be listed in the step 'Individual assets'.
The functionality of this step largely corresponds to that of the last dialog of IP range. Differences are:
-
The step does not use IP ranges and therefore does not offer navigation to a parent dialog.
-
The left list ④ shows unassigned assets instead of excluded assets.
| Number | Description |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Display of unassigned assets and manually added assets |
| ③ | Input field for searching assets within the IP range |
| ④ | List of unassigned assets |
| ⑤ | List of manually added assets |
| ⑥ | Button to move all assets from the respective list over to the other list (④/⑤) |
| ⑦ | Button to move this asset from the current over to the other list |
| ⑧ | Information on the asset (manufacturer, asset name, IP address) |
| ⑨ | Number of assets in the respective list |
| ⑩ | Button to adjust the sorting order |
Summary
In this step, the information on the zone definition is summarized before the data is finally confirmed and the zone is created. This step does not offer its own interaction possibilities.
The information on assigned assets ③ shows how many assets were added via IP ranges, how many were added via individually, and how many assets belong to this zone in total.
The information on the defined IP ranges ④ displays the individual IP ranges. For each IP range, the start and end IP address, the number of added, and the total number of assets belonging to the IP range are shown.
| Number | Description |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Information on the zone definition |
| ③ | Information on assigned assets |
| ④ | Information on the defined IP ranges |
Task management
Note When using SINEC Security Guard in combination with ServiceNow®, additionally refer to Usage with ServiceNow®.
The Task management section provides an overview of all assets with defined tasks, which can be specified via Task definition through either the 'Threats and tasks' in the Asset focus or the 'Assets and tasks' in the Threat focus (①). Each asset's entry includes the number of pending tasks and firmware information (③). Detailed information for each asset can also be accessed via "Asset details" (②).
| Number | Description |
|---|---|
| ① | List of all assets for which tasks are defined |
| ② | Asset details |
| ③ | Task overview |
| ④ | Number of pending tasks for this asset |
| ⑤ | Firmware version information |
| ⑥ | Vulnerability information |
| ⑦ | Mark as implemented |
Tasks are organized by vulnerabilities, with specific vulnerability information displayed for each task. Tasks are categorized into two groups:
- Vendor fixes: Tasks which solve the vulnerability and which cannot be undone - e.g. a firmware update.
- Workarounds and Mitigations: Alternative measures to mitigate vulnerabilities if vendor fixes are not immediately applied or available - e.g. a configuration change.
To set a task to implemented, users can click the “Mark as Implemented” button. Implemented tasks will not be shown after reload.
- Undoing Tasks: Users have the option to undo Workarounds and Mitigations until the system is reloaded. Note that Vendor fixes cannot be undone (⑨).
- Firmware updates: When a user implements a firmware update, all tasks associated with other vulnerabilities will be reset to open status.
| Number | Description |
|---|---|
| ⑧ | Marker that all tasks are implemented |
| ⑨ | Undo button for workarounds and mitigations |
Once all tasks for an asset are implemented, the asset will be marked as completed in the list (⑧). After a system reload, fully completed assets will no longer be displayed in the Task management section.
Sensor management
The Sensor management section provides an overview of all sensors which help to identify cyber attacks and allows to manage them. The total number of sensors is displayed separately ①.
Sensors observe traffic data; this is a precondition for detecting suspicious findings in Attack.
Sensor status
Per sensor, the sensor list shows the current status ②, the sensor name ③ , when the sensor had sent data last time ④, and its condition ⑤.
| Number | Description |
|---|---|
| ① | Total amount of sensors |
| ② | Current status of the sensor - see below status' |
| ③ | Name of the sensor |
| ④ | Last contact was ... |
| ⑤ | Condition of the sensor - see below sensor conditions |
| Status | Description |
|---|---|
 |
Sensor newly onboarded; follow the setup process to enable the sensor |
 |
Sensor is enabled to be used |
 |
Sensor became disabled manually; enable it again for further usage |
| Sensor condition | Description |
|---|---|
 |
Sensor and Industrial Edge Device are synchronized |
 |
Sensor and Industrial Edge Device are out of sync and will synchronize soon automatically |
 |
Sensor shows a critical error - check Industrial Edge Device for notifications on that sensor |
 |
Sensor is not responding - evaluate the sensor's condition |
Onboarding, offboarding and managing a sensor
To onboard a new sensor, follow the procedure below.
Note Review the System requirements for onboarding in advance. Note As you need to switch some times between SINEC Security Guard sensor app and SINEC Security Guard, it may be convenient to open both products in separate browser instances (tabs or windows) and switch between these. Note In the procedure twice a code becomes generated by one system which needs to be entered in the other system. When using SINEC Security Guard sensor app and SINEC Security Guard on two separate computers, copying their codes to paste them on each the other computer will not work.
- In Industrial Edge Device's SINEC Security Guard sensor app:
- Use 'Onboard sensor' ①; the 'Onboard sensor' dialogue will open.
- In the dialogue, define the name of the sensor ②. The sensor name has to meet these criteria:
- uniqueness: there must be only one sensor with this name on this Industrial Edge Device
- allowed characters: digits, letters (no umlaut's), whitespace, hyphen, underscore
- capitalization: uppercase letters are unequal lowercase letters
- length: 1 to 100 characters
- The Onboarding ID ④ becomes generated automatically. Copy the Onboarding ID - use the copy functionality ③, or note the characters otherwise.
- In SINEC Security Guard:
- Navigate to 'Sensor management' ⑤.
- Use 'Onboard sensor' ⑥, ⑳.
- Paste ⑦ or enter the Onboarding ID ⑨. In most situations this initiates the automatic generation of the Invitation code ⑩; if the Invitation code does not show up after a few seconds, use 'Generate' ⑪.
- Copy the Invitation code - use the copy functionality ⑧, or note the characters otherwise.
- Use 'Ok' ⑫ to close the onboarding dialogue.
- In Industrial Edge Device's SINEC Security Guard sensor app:
- Paste ⑬ or enter the Invitation code ⑭ and use 'Start onboarding' ⑮; after some seconds the details of the newly onboarded sensor ⑯ are shown.
- In SINEC Security Guard:
- Use 'Reload page' ㉑.
- The onboarded sensor shows up in the list of sensors with status 'Setup required' ⑲.
- Select the sensor to open the related 'Sensor information' panel ㉒.
- Use 'Setup sensor' ㉔ to open the 'Setup sensor' dialogue.
- Define data for Network interface ㉖, Home networks ㉗, and Description ㉘; the already given Sensor name ㉕ also can be edited here again. Save the data ㉙.
- The sensor now awaits synchronisation ㉚.
- Close the 'Sensor information' panel ㉓.
- In Industrial Edge Device's SINEC Security Guard sensor app:
- Use 'Synchronize and test connection' ⑱.
- After a few seconds all data from SINEC Security Guard 'Setup sensor' dialogue is presented, and the sensor status is 'Online'.
- In SINEC Security Guard:
- Use 'Reload page' ㉑.
- The condition of the setup sensor is either 'No heartbeat received' or 'Online', depending on currently transfered data.
In the 'Sensor information' there are further options to control the sensor:
- To change some of the sensor's data, use Edit ㉛.
- To shut-down the sensor temporarily without offboarding it, use Disable ㉜; the sensor then will not work until it becomes enabled again ㉞.
- To get rid of the sensor completely, use Offboard ㉝. Alternatively the sensor can also be offboarded via the SINEC Security Guard sensor app ⑰.
Any action taken in SINEC Security Guard will be visible only after synchronization in the SINEC Security Guard sensor app ⑱.
| Number | Description |
|---|---|
| ① | Button to start sensor onboarding |
| Number | Description |
|---|---|
| ② | Field for sensor name |
| ③ | Button to copy the Onboarding ID into the clipboard |
| ④ | Onboarding ID |
| Number | Description |
|---|---|
| ⑤ | Main navigation button leading to Sensor management |
| ⑥ | Button to start sensor onboarding |
| Number | Description |
|---|---|
| ⑦ | Button to paste the clipboard content into the field for the Onboarding ID |
| ⑧ | Button to copy the Invitation code into the clipboard |
| ⑨ | Field for entering the Onboarding ID |
| ⑩ | Invitation code |
| ⑪ | Button to manually trigger the generation of the Invitation code |
| ⑫ | Button to close the onboarding dialogue |
| Number | Description |
|---|---|
| ⑬ | Button to paste the clipboard content into the field for the Invitation code |
| ⑭ | Field for entering the Invitation code |
| ⑮ | Button to create the sensor in SINEC Security Guard sensor app |
| Number | Description |
|---|---|
| ⑯ | Details of the onboarded sensor |
| ⑰ | Button to offboard the sensor permanently |
| ⑱ | Button to trigger synchronization between SINEC Security Guard sensor app and SINEC Security Guard, and to test the connection between both |
| Number | Description |
|---|---|
| ⑲ | Newly created sensor that requires setup |
| ⑳ | Button to start sensor onboarding |
| ㉑ | Button to reload the page and showing latest data |
| Number | Description |
|---|---|
| ㉒ | Sensor information panel showing details of the onboarded sensor |
| ㉓ | Button to close Sensor information |
| ㉔ | Button to initially complete the sensor data |
| Number | Description |
|---|---|
| ㉕ | Field for sensor name |
| ㉖ | Field for network interface |
| ㉗ | Field for Home networks |
| ㉘ | Field for description |
| ㉙ | Button to save the data and close the dialogue |
| Number | Description |
|---|---|
| ㉚ | Indication of outstanding synchronisation |
| ㉛ | Button to edit the sensor data |
| ㉜ | Button to disable the sensor temporarily |
| ㉝ | Button to offboard the sensor permanently |
| Number | Description |
|---|---|
| ㉞ | Button to enable a formerly disabled sensor again |