Skip to content

Basic structure

none

Number Explanation
Siemens logo: Siemens AG is the manufacturer of the SINEC Security Guard.
SINEC Security Guard: Name of the product
'Menu' button: This allows the menu to be expanded and collapsed so that the labels are displayed or hidden.
User profile: Log out of the ongoing SINEC Security Guard session; to use SINEC Security Guard again, a new login is then required.
Home: Overview on the most important values of the risk situation.
Threat focus: Overview of vulnerabilities that affect products in the plant.
Asset focus: Overview of zones and assets in the plant that are affected by vulnerabilities.
Attacks: Overview of security events detected by the installed sensors that may have been triggered by cybersecurity attacks.
Task management: Overview of tasks which had been defined to handle vulnerabilities of assets.
Inventory: Overview of all assets that SINEC Security Guard monitors.
Zone management: Overview of the created zones and the assigned assets.
Sensor management: Overview of the sensors for attack detection.
Display change: Options for language and visual representation.
About & legal information: Overview of various legal and version-related information, the documentation, and contact.

Home

The Home section provides information about the current status of SINEC Security Guard.

In the upper area, tiles (①-④) show KPIs that are relevant for the assessment of the security situation of the plant. Most of these tiles are clickable and link to the relevant pages.

These tiles are always shown, regardless of their urgency:

  • 'Assets by risk level'

    Each supported asset is counted with its highest total risk level; an asset with the risk levels '3 x High' and '1 x Low' counts as '1 x High' (since it is an asset and its highest risk level is 'High'). Clicking on this tile will redirect to the Asset focus page.

  • 'Open asset vulnerabilities'

    Each vulnerability counts with the risk level assigned to it; if an asset has 4 vulnerabilities with the risk levels '3 x High' and '1 x Low', the 'High' counter is increased by 3 and the 'Low' counter by 1. Clicking on this tile will redirect to the Threat focus page.

  • 'Application overview'

    Total number of assets in the inventory and the number of these that are compatible with SINEC Security Guard. In addition, the installed sensors and the time of the last inventory update are specified. Clicking on this tile will redirect to the Inventory page.

  • Optional: 'Microsoft Sentinel'

    Number of security events over the last 30 days; these security events had been sent to Microsoft Sentinel automatically. There is no redirection for this tile.

In the lower area, tiles provide information about urgent fields of activity (⑤-⑦). Tiles are only shown for activity fields where there is an urgent need for change. Fields of activity without an urgent need for change are hidden and only displayed when there is a need for change.

  • Optional: 'Attacks with status 'Open''

    These possible attacks are still in the managing status 'Open'. Clicking on this tile will redirect to the Attacks page.

  • 'Assets not assigned to zones'

    The risk level cannot be calculated for such assets. All assets should therefore be assigned to zones or the list of assets to ignore. Clicking on this tile will redirect to the Zone management page.

  • New vulnerabilities dectected in the last 30 days

    The known sources of vulnerability descriptions are checked. All newly released vulnerabilities for assets from the inventory during the past 30 days are counted here. Clicking on this tile will redirect to the Threat focus page.

none

Number Tile
Asset by risk level
Threats
Application overview
Microsoft Sentinel
Number of detected security events
Number of assets that are not yet assigned to any zones
Number of newly detected vulnerabilities

Threat focus

This area lists all vulnerabilities ③ that are known for supported assets from the inventory. When you click on a vulnerability, additional details about it ④ are shown.

To list all products and assets affected by the vulnerability and define appropriate tasks, select a vulnerability and navigate to the 'Assets and tasks' area ⑤.

none

Icon Description
Sort order selection button
Sort order selection button
List of existing vulnerabilities
Details of the selected vulnerability
Button to jump to 'Assets and tasks'

Vulnerability

Additional information is displayed for each vulnerability.

The CVSS rating is as follows:

Rating CVSS score Color coding
None 0.0 (none)
Low 0.1 – 3.9 Blue
Medium 4.0 – 6.9 Yellow
High 7.0 – 8.9 Orange
Critical 9.0 – 10.0 Red

none

Icon Description
Title of the vulnerability
ID of the vulnerability
Publisher of the vulnerability description
Age of the vulnerability description
Total risk level: Highest risk and number of assets affected by the highest risk
Total number of assets affected by this vulnerability, across all risk levels; this total number also includes the assets affected by the total risk level
CVSS score of the vulnerability; the value is also shown in color

Details of the selected vulnerability

Only information related to assets included in the inventory is displayed.

Description

This area shows information about the description of the vulnerability as well as its impact and occurrences on assets in the plant; see 'Threat details'. This area shows options to fix the vulnerability or at least to reduce its impact or lessen the vulnerability; see 'Threat details'.

none

Icon Description
Information on the origin of the vulnerability
Distribution of the individual risk levels over all of the affected assets; see color bar for risk level.
Information on the effects of the vulnerability
Product families affected by the vulnerability
Zones affected by the vulnerability

Recommended action

This area shows options to fix the vulnerability or at least to reduce its impact or to lessen the vulnerability.

The list of affected products and solutions describes each product with affected firmware versions and the corresponding solution; the link leads to the product page, from where a newer firmware version can be downloaded if necessary.

none

Icon Description
Workarounds and mitigation
List of affected products and solutions

Assets and tasks

This area shows affected products and the individual assets as well as tasks planned for them. If a product ③ from the product list ② is expanded, all individual assets ④ of this product are displayed.

If you select an asset, the recommendations and tasks ⑥ are displayed and offered for selection. Changes to the tasks are applied immediately. See 'Task definition'. Asset details ⑤ can also be displayed for each asset.

Clicking the 'Close' button ⑦ takes you back to the 'Threat focus' page.

none

Icon Description
Title of the vulnerability
List of affected products and individual assets
Product (expanded)
Asset of a product ③
'Show asset details' button
List of recommendations and tasks
'Close' button

Asset focus

This area lists all zones, products, and assets from the inventory for which at least one vulnerability is known. Assets that are free of vulnerabilities are not displayed.

You can display all vulnerabilities of the selected asset and define appropriate tasks.

Zone overview

This area lists the zones affected by vulnerabilities ② and shows how they are affected ⑤. Clicking on a zone opens the 'Assets list'.

You can filter zones ① or adjust the sorting of zones ③.

Additional information is provided for each zone (④-⑦).

none

Number Description
Input field for filtering the zones
List of zones
Sort button

none

Number Description
Zone name
Distribution of the individual risk levels over all of the affected assets; see color bar for risk level.
Number of assets in this zone affected by at least one vulnerability.
Ratio between [the total number of assets in this zone] and [the number of affected assets in this zone]; at '100%', every asset contained in the zone is affected by at least one vulnerability.

Asset list for zones

This area shows information about the selected zone as well as all products and assets in the inventory that are part of the zone and affected by at least one vulnerability.

Clicking the button ① takes you back to the 'Zone overview'.

The zone details ② show important information about the zone.

The list of products ③ shows products that contain at least one asset that is in the zone and is affected by a vulnerability. Clicking on it displays all affected assets ④. Details can be displayed for a selected asset ⑥.

After you select an asset and then navigate to the 'Threats and tasks' area ⑥, all vulnerabilities of the selected asset can be viewed and appropriate tasks can be defined. For each affected asset, the greatest risk level due to the currently pending vulnerabilities ⑦ is shown. It also shows how many of these pending vulnerabilities are still in the 'Open' status, and what the highest risk level of the open vulnerabilities is ⑩.

none

Number Description
Name of the selected zone and navigation back to the 'Zone overview'
Zone details display important information about the zone
List of products affected by vulnerabilities
Highest risk level of the assets of the respective product
Button to switch to 'Threats and tasks'
Display of asset details

none

Number Description
Highest risk level due to an unfixed vulnerability on this asset
Asset name
IP address of the asset
Number and highest risk level of 'Open Threats'

Asset overview

Assets-tab ② in Asset focus shows all the vulnerable assets regardless of zone assignment. This view allows quick search for the specific asset.

none

Number Description
Zones-tab displays asset risk information grouped by zone
Assets-tab displays all the assets affected by vulnerabilities in the system

Threats and tasks

This area shows threats that affect the selected asset ①, as well as recommended or scheduled tasks and, if applicable, asset details ③.

The list of threats ② shows which different threats threaten the security of the asset.

The risk level ⑧ shows how high the risk to the asset is from this threat. The detection date ⑫ indicates when the system first received information about the threats. Vulnerabilities that have already been managed can be hidden ④.

Details of the selected vulnerability ⑤ can be displayed, see 'Threat details'.

When you select an asset, the recommendations and tasks ⑥ are displayed and offered for selection. Changes to the tasks are applied immediately.

Clicking the 'Close' button ⑦ takes you back to the 'Asset list'.

none

Number Description
Information about the asset (name, zone, IP address, installed firmware version)
List of asset vulnerabilities
'Asset details' button
'Hide managed' button
'Threat details' button
List of recommendations and tasks; see 'Task definition'
'Close' button

none

Number Description
Risk level of this vulnerability for this asset
Title of the vulnerability
Organization that disclosed the vulnerability (ID)
Brief description of the vulnerability
Date of detection of the vulnerability for this asset
Status of the vulnerability

Attacks

This area displays security events detected by the installed and onboarded sensors. Security events can turn out to be real attacks.

When you select a security event from the list of detected security events ④, additional details about it ① are shown. In the progress status ⑤, the progress of processing a security event can be logged manually.

The procedure for installing new sensors is described in Installation of attack sensors.

none

Number Description
Detail area with information about a selected security event
Button to select the sort order
Button to select all listed security events
List of detected security events
Progress status of a selected security event

Security event

For each security event, information is displayed to facilitate easier navigation through the list of security events.

Selecting a security event displays detailed information and the current progress status. Changes to the status are applied immediately. If several assets are selected together, the same status information can be entered for them together.

none

Number Description
Title of the security event type
ID of the sensor that detected the security event
Button for selecting the security event
Progress status of the security event
Source of description
Age of the security event

Security event details

The information in this area will help you assess the time, type, and severity of a security event. All information can be downloaded as .JSON file ①. Link ④ leads directly to the MITRE ATT@CK database.

none

Number Description
Button to download a .JSON file with additional information about the security event
Detailed information about the occurrence of the security event
Detailed information about the signature of the security event
Detailed information about the classification of the security event

Progress status

Here you can log how far the processing of a security event has progressed. When you click on a status (①, ②, ③), the respective status is entered. Further explanations can be entered in the input field ④. Changes to status or text are saved immediately.

none

Number Description
'Open' status (pre-selected for new security events)
'In progress' status
'Closed' status
Input field for an optional comment

Inventory

This area lists all assets that have been transferred from an update source (synchronization with Siemens Industrial Asset Hub or import from a .CSV file) to SINEC Security Guard. Their total number ① is displayed separately.

Note
The parallel use of both import sources (Siemens Industrial Asset Hub and .CSV file) is not possible.

The inventory lists both supported and unsupported assets; see column 'Support' ③.

  • Supported

    Assets for which SINEC Security Guard has received all necessary information regarding the product, asset and vulnerabilities; for supported assets, SINEC Security Guard can display information about vulnerabilities and their impact.

  • Unsupported

    Assets for which one or more items of information regarding the product, asset or vulnerabilities is missing or unreachable. For unsupported assets, SINEC Security Guard does not display information regarding vulnerabilities. You need to take other measures for transparency of the threat situation for such assets and to ensure the secure operation of the asset.

Asset details ⑤ can be displayed for a selected asset.

Note
The inventory and the zone management are the only areas in SINEC Security Guard in which unsupported assets are also displayed. All other views of SINEC Security Guard show only supported assets. The display of unsupported assets in the inventory shows assets for which SINEC Security Guard does not offer support and for which you need to take other measures to avert danger.

none

Number Description
Total number of supported and unsupported assets in the inventory
Input field for filtering the assets
List of assets
Point of time of last inventory update
'Show asset details' button

Configuration of the inventory

Table configuration can be customized by selecting the columns to be displayed. The order of the columns can be changed by dragging and dropping the column to the desired position. none

Necessity and impact of updates

During the update, the data from the update source replaces the previous inventory. The data is not added to the existing inventory.

During an update, the data for all assets in the future inventory must always be transferred together. Assets that are not present in the update source are removed from the inventory.

It is necessary to update the inventory if something changes in the hardware, firmware or configuration used, e.g. due to the replacement of assets, the installation of a firmware update or a changed IP address.

Per asset, an update has the following effect on new existing inventory:

Asset exists in the previous inventory Same asset exists in the update source (IAH or .CSV) Effect on the new inventory
Yes Yes Asset data is replaced
Yes No Asset and all associated data and tasks are removed
No Yes Asset is newly added

Note
If a .CSV file contains two entries for the same asset, the last entry is always imported.

Synchronization with Siemens Industrial Asset Hub

Note
The use of the update source Siemens Industrial Asset Hub is described here; importing from a .CSV file is then not possible. Contact Siemens Support if you have any questions.

The inventory automatically synchronizes with the Siemens Industrial Asset Hub in the background several times a day. Changes to assets or asset data in the Siemens Industrial Asset Hub are synchronized with SINEC Security Guard in a timely manner.

Import from a .CSV file

Note
The use of the update source .CSV is described here; synchronization with Siemens Industrial Asset Hub is then not possible. Contact Siemens Support if you have any questions.

If an inventory is present in SINEC Security Guard, a note ② shows the age of the most recent import. If an inventory is present in SINEC Security Guard, a note ② shows the age of the most recent import.

The import process is initiated via a button:

  • ① shows the button in the event that there is no inventory;

  • ③ shows the button in the event that an inventory is already present.

To import from a file, all asset data must be stored in a .CSV file in a defined structure. The necessary structure of the file is specified in the current template file, which you can download using a corresponding button ④. Always use the structure of the latest template version: Using a structure unlike the current template file leads to an error, and the already existing inventory in SINEC Security Guard remains untouched.

Files to be uploaded must meet the following criteria:

Criterion Description
File Format .CSV (Comma Separated Values) UTF8
Content Structure as current template file
Maximum File Size 150MB
Maximum Number of Records 6000

After the corresponding file has been selected ⑤ and the import has been initiated ⑥, these criteria are checked. If criteria are not met, the import is aborted and a corresponding error message is displayed in the status area ⑦.

none

Number Function
Button to import asset data from a .CSV file

none

Number Function
Age of the most recent import
Button to import asset data from a .CSV file

none

Number Function
Button to download the current .CSV template
Button to select the .CSV file with asset data
Button to start the import process
Status display of the import process

Data in .CSV file

Note
The structure of the .CSV file may change over time. Siemens recommends to always download the latest version of the .CSV file. You may edit the file with any text editor or spreadsheet editor. Formatting and column separation work according to the CSV standard.

The .CSV file's first row shows the column headers. Each further row contains the data of one asset.

The table below informs about the structure of the .CSV file; the table contains this information:

  • Column: Each column in the .CSV file represents one parameter that adds data to each asset; each column needs to be part of the .CSV file, and the order of columns must be kept as shown.
  • Description: Meaning of the parameter.
  • Asset identification: Parameters which are marked as "Yes" are used to identify an asset as individual; if there is more than one row containing data of the same identified asset, only its first data row will be used and all other rows for this asset will be ignored.
  • Column header is mandatory: 'Yes' means that the .CSV file must contain a column with this header. 'No' means that it is optional having a column with this header.
  • Asset data is mandatory: 'Yes' means that per asset this column cell must contain data. 'No' means that it is optional providing data.
Column Description Asset identification Column header is mandatory Asset data is mandatory
asset_name Name of the asset No Yes Yes
serial_number Serial number of the asset Yes Yes Yes
hardware_version Hardware version of the asset No Yes Yes
firmware_version Version of the firmware that is currently installed on the asset No Yes Yes
network_name Name of the network the asset is part of No Yes Yes
ip IP address of the asset (V4 or V6) No Yes No
mac MAC address of the asset No Yes Yes
product_article_number Article number of the asset, to be retrieved from the vendor Yes Yes Yes
product_vendor Name of the company that has produced this asset Yes Yes Yes
product_name Name of the product - often used for non-Siemens assets No No No
note Leave any note here No Yes No
zone_name Name of the zone the asset belongs to No No No.
If empty: The asset gets applied to 'Unassigned assets'.
If not empty: The asset gets applied to the zone of this name; if the zone doesn't yet exist, it becomes created.

Zone management

The Zone management section provides an overview over all zones and their assets and allows to edit and assign assets to zones.

Zones are freely definable logical units, such as 'Brewing', 'Cooling', 'Environment', 'OT Network', etc.

Each asset can be assigned to a zone, and a zone can contain any number of assets. Its zone-specific values 'Business criticality' and 'Exposure' can be set for each zone.

All assets contained in a zone then adopt their zone values as their own values. On this basis, SINEC Security Guard can later calculate a risk level for each asset and vulnerability:

If, for example, Asset A is located in the 'chemical reactor' zone ('high business criticality', 'high exposure') and an identical Asset B is located in the 'shipping' zone ('low business criticality', 'medium exposure'), the risk level for Asset A will be higher than that for Asset B.

Zone-specific values

The following values of a zone occur in several places:

  • Number of assets

    Counts all assets assigned to the zone.

  • Business criticality

    Expresses how bad ('Negligible', 'Moderate', 'Critical', 'Disastrous') a failure or unsafe operation of the zone and its assets would be for the operation of the plant or the achievement of the production result.

  • Exposure

    Expresses how much the zone and its components are exposed to external access. Consider all potential attack vectors (physical access, network access, etc.) and choose the lowest applicable degree of protection.

  • Individually rated

    Number of assets that deviate from the zone default with respect to 'Business criticality' and/or 'Exposure'.

  • IP ranges

    Number of different IP ranges created for this zone in step 2 of the Zone wizard.

  • Description

    Free text to better identify the respective zone or to distinguish it from other zones.

Zone overview

The zone overview displays tiles for 'Unassigned assets' ①, 'Disregarded assets' ②, and manually created zones ⑦. The 'Zone wizard' allows for the creation of new zones ⑤ and modification of existing ones.

Tile Place for assets that... Risk level...
'Unassigned assets' ① … have been newly added to the inventory or removed from 'Disregarded assets' or a zone … is 'Undefined' for each asset, as 'Business criticality' and 'Exposure' cannot be determined
'Disregarded assets' ② … should be excluded from calculations and not considered in reports and KPIs/counters … is not calculated, as the assets are meant to be ignored
Manually created zone ⑦ … are part of a logical group within the facility and are often viewed and managed together … is calculated and can be either 'Low', 'Medium', 'High', or 'Critical'

Important values for each zone are displayed on the front and back of the respective tile (accessible via the buttons 'Flip view' ⑫ and 'Flip all' ④).

none

Number Element
'Unassigned assets' tile
'Disregarded assets' tile
Sort order selection button
'Flip all' button
'Create zone' button
Input field for filtering the zones
Area with manually created zones

none

Number Element
Name of the zone
'Business criticality' of the zone
'Exposure' of the zone
Number of assets in this zone
'Flip view' button
Individually rated
Number of 'IP ranges'

Zone details

Zone details contain all zone-related values and offer functions to change the state of the zone. Clicking the button ① takes you back to the 'Zone overview'. The asset list ⑧ includes assets assigned to the zone.

The value 'Zone default' indicates that the asset adheres to the respective default value defined for the zone ⑥. An entry other than 'Zone default' means that a different value has been specified for this asset, counting it as 'Individually rated'. To better identify such non-default assets and, if necessary, reequip them with default settings, the 'Individually rated' button filters out assets with two default values.

A manually created zone can be modified via the 'Edit zone' button ④ and removed via the 'Delete zone' button ⑤.

none

Number Element
Button for navigation to the 'Zone overview'
Name of the selected zone
Button to display only those assets that are individually rated
'Edit zone' button
'Delete zone' button
Zone information
Input field for filtering assets
List of assets in the selected zone
Display of asset details

Zone wizard

The 'Zone wizard' guides you through all the necessary steps when manually creating a new zone and also when editing an existing zone. You can switch to the respective step by clicking on a step or using the navigation buttons (⑥, ⑦):

  • Zone definition

  • IP range

  • Individual assets

  • Summary

The status of each step is displayed as follows (here using the example of the 'IP range' step: top row in 'unselected' status, bottom row in 'selected' status):

none

Number Status Description
Open This step has not yet been processed
Warning This step contains data that needs attention
Error This step contains one or more errors and prevents the wizard from completing
Successful This step has been successfully completed

The buttons for navigating through the 'Zone wizard' support you in step-by-step editing.

none

Number Action Description
Cancel Ends the 'Zone wizard' without creating a new zone; entered data will be discarded
Previous Moves to the previous step (available from step 2 onwards)
Next Moves to the following step (available until the penultimate step)
Create Ends the 'Zone wizard' and creates a new zone with the entered data (only available in the last step)

Zone definition

In this step, basic information about the zone is defined:

  • Zone name ②

    The name of the zone. At least one character must be entered, and the zone name must not already be assigned to another zone.

  • Business criticality (③ - 'Negligible', 'Moderate', 'Critical', 'Disastrous')

    Expresses how bad a failure or insecure operation of the zone and its assets would be for the operation of the facility or the achievement of the production outcome.

  • Exposure (④ - 'Low', 'Medium', 'High')

    Expresses how much the zone and its components are exposed to external access; all possible attack vectors (physical access, network access, etc.) should be considered and the absolutely lowest applicable protection level should be entered.

  • Description ⑤

    A text that explains the characteristics of the zone.

none

Number Element
Steps of the 'Zone wizard'
Zone name
Business criticality
Exposure
Description
Buttons for navigating through the 'Zone wizard'

IP range

In this step, assets are added to the zone based on their belonging to an IP range.

Note
Assets that are part of an IP range of the current zone and have been manually added to its exclusion list in step 'IP range' will not be listed in the step 'Individual assets'.

Any number of IP ranges ⑤ can be defined according to the IPv4 or IPv6 protocols (③, ⑥); the start IP address (⑧) and end IP address (⑨) are required for this. See also Checking user input.

IP ranges can be duplicated and also deleted (⑫, ⑬).

All assets that have at least one IP address in an IP range are automatically assigned to this range. If the IP address displayed with an asset is not in the IP range, the asset has other IP addresses, at least one of which is in the IP range.

The assignment of assets in an IP range to the zone can then be adjusted manually ⑪. For each IP range, it is shown how many assets from the IP range are actually assigned to the zone and how many assets are within the start and end addresses in principle ⑩.

The assignment of assets offers these lists:

  • Exclusion list ⑯

    These assets are not assigned to the zone and remain part of the unassigned assets.

  • Assignment list ⑰

    These assets are part of the zone.

It is possible to move all assets in a list ⑱ or individual assets ⑲ to the other list. The manufacturer, asset name and IP address are displayed for each asset ⑳. An input field ⑮ makes it possible to find specific assets within the lists (⑯, ⑰). The sorting of the assets can be changed (㉒).

none

Number Element
Steps of the 'Zone wizard'
Display of defined IP ranges
Button to create a new IP range
Buttons for navigation through the Zone wizard

none

Number Element
IP range, consisting of start and end IP address
Button to create a new IP range
Total individual assets assigned via at least one IP range
Input field for start IP address
Input field for end IP address
Number of assigned assets
Button for navigation to manual assignment of assets
Button to display the menu
Menu with options

none

Number Element
Button for navigation back to the display of IP ranges, as well as information on the selected IP range
Input field for searching assets within the IP range
List of assets to be excluded from this IP range
List of assets to be assigned to this IP range
Button to move all assets from the respective list to the other list (⑯/⑰)
Button to move this asset from the current list to the other list
Information on the asset (manufacturer, asset name, IP address)
Number of assets in the respective list
Button to adjust the sorting order

Individual assets

In this step, assets are added to the zone that are searched for by criteria other than their IP address, e.g., by name or product type.

Note
Assets that are part of an IP range of the current zone and have been manually added to its exclusion list in step 'IP range' will not be listed in the step 'Individual assets'.

The functionality of this step largely corresponds to that of the last dialog of IP range. Differences are:

  • The step does not use IP ranges and therefore does not offer navigation to a parent dialog.

  • The left list ④ shows unassigned assets instead of excluded assets.

none

Number Description
Steps of the 'Zone wizard'
Display of unassigned assets and manually added assets
Input field for searching assets within the IP range
List of unassigned assets
List of manually added assets
Button to move all assets from the respective list over to the other list (④/⑤)
Button to move this asset from the current over to the other list
Information on the asset (manufacturer, asset name, IP address)
Number of assets in the respective list
Button to adjust the sorting order

Summary

In this step, the information on the zone definition is summarized before the data is finally confirmed and the zone is created. This step does not offer its own interaction possibilities.

The information on assigned assets ③ shows how many assets were added via IP ranges, how many were added via individually, and how many assets belong to this zone in total.

The information on the defined IP ranges ④ displays the individual IP ranges. For each IP range, the start and end IP address, the number of added, and the total number of assets belonging to the IP range are shown.

none

Number Description
Steps of the 'Zone wizard'
Information on the zone definition
Information on assigned assets
Information on the defined IP ranges

Task management

Note
When using SINEC Security Guard in combination with ServiceNow®, additionally refer to Usage with ServiceNow®.

The Task management section provides an overview of all assets with defined tasks, which can be specified via Task definition through either the 'Threats and tasks' in the Asset focus or the 'Assets and tasks' in the Threat focus (①). Each asset's entry includes the number of pending tasks and firmware information (③). Detailed information for each asset can also be accessed via "Asset details" (②).

none

Number Description
List of all assets for which tasks are defined
Asset details
Task overview
Number of pending tasks for this asset
Firmware version information
Vulnerability information
Mark as implemented

Tasks are organized by vulnerabilities, with specific vulnerability information displayed for each task. Tasks are categorized into two groups:

  • Vendor fixes: Tasks which solve the vulnerability and which cannot be undone - e.g. a firmware update.
  • Workarounds and Mitigations: Alternative measures to mitigate vulnerabilities if vendor fixes are not immediately applied or available - e.g. a configuration change.

To set a task to implemented, users can click the “Mark as Implemented” button. Implemented tasks will not be shown after reload.

  • Undoing Tasks: Users have the option to undo Workarounds and Mitigations until the system is reloaded. Note that Vendor fixes cannot be undone (⑨).
  • Firmware updates: When a user implements a firmware update, all tasks associated with other vulnerabilities will be reset to open status.

none

Number Description
Marker that all tasks are implemented
Undo button for workarounds and mitigations

Once all tasks for an asset are implemented, the asset will be marked as completed in the list (⑧). After a system reload, fully completed assets will no longer be displayed in the Task management section.

Sensor management

The Sensor management section provides an overview of all sensors which help to identify cyber attacks and allows to manage them. The total number of sensors is displayed separately ①.

Sensors observe traffic data; this is a precondition for detecting suspicious findings in Attack.

Sensor status

Per sensor, the sensor list shows the current status ②, the sensor name ③ , when the sensor had sent data last time ④, and its condition ⑤.

none

Number Description
Total amount of sensors
Current status of the sensor - see below status'
Name of the sensor
Last contact was ...
Condition of the sensor - see below sensor conditions
Status Description
none Sensor newly onboarded; follow the setup process to enable the sensor
none Sensor is enabled to be used
none Sensor became disabled manually; enable it again for further usage
Sensor condition Description
none Sensor and Industrial Edge Device are synchronized
none Sensor and Industrial Edge Device are out of sync and will synchronize soon automatically
none Sensor shows a critical error - check Industrial Edge Device for notifications on that sensor
none Sensor is not responding - evaluate the sensor's condition

Onboarding, offboarding and managing a sensor

To onboard a new sensor, follow the procedure below.

Note
Review the System requirements for onboarding in advance. Note
As you need to switch some times between SINEC Security Guard sensor app and SINEC Security Guard, it may be convenient to open both products in separate browser instances (tabs or windows) and switch between these. Note
In the procedure twice a code becomes generated by one system which needs to be entered in the other system. When using SINEC Security Guard sensor app and SINEC Security Guard on two separate computers, copying their codes to paste them on each the other computer will not work.

  1. In Industrial Edge Device's SINEC Security Guard sensor app:
    • Use 'Onboard sensor' ①; the 'Onboard sensor' dialogue will open.
    • In the dialogue, define the name of the sensor ②. The sensor name has to meet these criteria:
      • uniqueness: there must be only one sensor with this name on this Industrial Edge Device
      • allowed characters: digits, letters (no umlaut's), whitespace, hyphen, underscore
      • capitalization: uppercase letters are unequal lowercase letters
      • length: 1 to 100 characters
    • The Onboarding ID ④ becomes generated automatically. Copy the Onboarding ID - use the copy functionality ③, or note the characters otherwise.
  2. In SINEC Security Guard:
    • Navigate to 'Sensor management' ⑤.
    • Use 'Onboard sensor' ⑥, ⑳.
    • Paste ⑦ or enter the Onboarding ID ⑨. In most situations this initiates the automatic generation of the Invitation code ⑩; if the Invitation code does not show up after a few seconds, use 'Generate' ⑪.
    • Copy the Invitation code - use the copy functionality ⑧, or note the characters otherwise.
    • Use 'Ok' ⑫ to close the onboarding dialogue.
  3. In Industrial Edge Device's SINEC Security Guard sensor app:
    • Paste ⑬ or enter the Invitation code ⑭ and use 'Start onboarding' ⑮; after some seconds the details of the newly onboarded sensor ⑯ are shown.
  4. In SINEC Security Guard:
    • Use 'Reload page' ㉑.
    • The onboarded sensor shows up in the list of sensors with status 'Setup required' ⑲.
    • Select the sensor to open the related 'Sensor information' panel ㉒.
    • Use 'Setup sensor' ㉔ to open the 'Setup sensor' dialogue.
    • Define data for Network interface ㉖, Home networks ㉗, and Description ㉘; the already given Sensor name ㉕ also can be edited here again. Save the data ㉙.
    • The sensor now awaits synchronisation ㉚.
    • Close the 'Sensor information' panel ㉓.
  5. In Industrial Edge Device's SINEC Security Guard sensor app:
    • Use 'Synchronize and test connection' ⑱.
    • After a few seconds all data from SINEC Security Guard 'Setup sensor' dialogue is presented, and the sensor status is 'Online'.
  6. In SINEC Security Guard:
    • Use 'Reload page' ㉑.
    • The condition of the setup sensor is either 'No heartbeat received' or 'Online', depending on currently transfered data.

In the 'Sensor information' there are further options to control the sensor:

  • To change some of the sensor's data, use Edit ㉛.
  • To shut-down the sensor temporarily without offboarding it, use Disable ㉜; the sensor then will not work until it becomes enabled again ㉞.
  • To get rid of the sensor completely, use Offboard ㉝. Alternatively the sensor can also be offboarded via the SINEC Security Guard sensor app ⑰.

Any action taken in SINEC Security Guard will be visible only after synchronization in the SINEC Security Guard sensor app ⑱.

none

Number Description
Button to start sensor onboarding

none

Number Description
Field for sensor name
Button to copy the Onboarding ID into the clipboard
Onboarding ID

none

Number Description
Main navigation button leading to Sensor management
Button to start sensor onboarding

none

Number Description
Button to paste the clipboard content into the field for the Onboarding ID
Button to copy the Invitation code into the clipboard
Field for entering the Onboarding ID
Invitation code
Button to manually trigger the generation of the Invitation code
Button to close the onboarding dialogue

none

Number Description
Button to paste the clipboard content into the field for the Invitation code
Field for entering the Invitation code
Button to create the sensor in SINEC Security Guard sensor app

none

Number Description
Details of the onboarded sensor
Button to offboard the sensor permanently
Button to trigger synchronization between SINEC Security Guard sensor app and SINEC Security Guard, and to test the connection between both

none

Number Description
Newly created sensor that requires setup
Button to start sensor onboarding
Button to reload the page and showing latest data

none

Number Description
Sensor information panel showing details of the onboarded sensor
Button to close Sensor information
Button to initially complete the sensor data

none

Number Description
Field for sensor name
Field for network interface
Field for Home networks
Field for description
Button to save the data and close the dialogue

none

Number Description
Indication of outstanding synchronisation
Button to edit the sensor data
Button to disable the sensor temporarily
Button to offboard the sensor permanently

none

Number Description
Button to enable a formerly disabled sensor again