Basic Structure
Navigation
| Number | Explanation |
|---|---|
| ① | Siemens logo: Siemens AG is the manufacturer of the SINEC Security Guard. |
| ② | SINEC Security Guard: Name of the product |
| ③ | 'Menu' button: This allows the menu to be expanded and collapsed so that the labels are displayed or hidden. |
| ④ | User profile: Log out of the ongoing SINEC Security Guard session; to use SINEC Security Guard again, a new login is then required. |
| ⑤ | Home: Overview on the most important values of the risk situation. |
| ⑥ | Threat focus: Overview of vulnerabilities that affect products in the plant. |
| ⑦ | Asset focus: Overview of zones and assets in the plant that are affected by vulnerabilities. |
| ⑧ | Attacks: Overview of security events detected by the installed sensors that may have been triggered by cybersecurity attacks. |
| ⑨ | Inventory: Overview of all assets that SINEC Security Guard monitors. |
| ⑩ | Zone management: Overview of the created zones and the assigned assets. |
| ⑪ | Display change: Switch between light and dark display. |
| ⑫ | Legal information: Overview of various legal and version-related information. |
Home
Home shows information about the current status of SINEC Security Guard.
In the upper area, tiles (①-④) show KPIs that are relevant for the assessment of the security situation of the plant. Most of these tiles are clickable and link to the relevant pages.
These tiles are always shown, regardless of their urgency:
-
'Assets by risk level'
Each supported asset is counted with its highest total risk level; an asset with the risk levels '3 x High' and '1 x Low' counts as '1 x High' (since it is an asset and its highest risk level is 'High'). Clicking on this tile will redirect to the Asset focus page.
-
'Open asset vulnerabilities'
Each vulnerability counts with the risk level assigned to it; if an asset has 4 vulnerabilities with the risk levels '3 x High' and '1 x Low', the 'High' counter is increased by 3 and the 'Low' counter by 1. Clicking on this tile will redirect to the Threat focus page.
-
'Application overview'
Total number of assets in the inventory and the number of these that are compatible with SINEC Security Guard. In addition, the installed sensors and the time of the last inventory update are specified. Clicking on this tile will redirect to the Inventory page.
-
Optional: 'Microsoft Sentinel'
Number of security events over the last 30 days; these security events had been sent to Microsoft Sentinel automatically. There is no redirection for this tile.
In the lower area, tiles provide information about urgent fields of activity (⑤-⑦). Tiles are only shown for activity fields where there is an urgent need for change. Fields of activity without an urgent need for change are hidden and only displayed when there is a need for change.
-
Optional: 'Attacks with status 'Open''
These possible attacks are still in the managing status 'Open'. Clicking on this tile will redirect to the Attacks page.
-
'Assets not assigned to zones'
The risk level cannot be calculated for such assets. All assets should therefore be assigned to zones or the list of assets to ignore. Clicking on this tile will redirect to the Zone management page.
-
New vulnerabilities dectected in the last 30 days
The known sources of vulnerability descriptions are checked. All newly released vulnerabilities for assets from the inventory during the past 30 days are counted here. Clicking on this tile will redirect to the Threat focus page.
| Number | Tile |
|---|---|
| ① | Asset by risk level |
| ② | Threats |
| ③ | Application overview |
| ④ | Microsoft Sentinel |
| ⑤ | Number of detected security events |
| ⑥ | Number of assets that are not yet assigned to any zones |
| ⑦ | Number of newly detected vulnerabilities |
Threat focus
This area only lists all vulnerabilities ③ that are known for supported assets from the inventory. When you click on a vulnerability, additional details about it ④ are shown.
To list all products and assets affected by the vulnerability and define appropriate tasks, select a vulnerability and navigate to the 'Assets and tasks' area ⑤.
| Icon | Description |
|---|---|
| ① | Sort order selection button |
| ② | Sort order selection button |
| ③ | List of existing vulnerabilities |
| ④ | Details of the selected vulnerability |
| ⑤ | Button to jump to 'Assets and tasks' |
Vulnerability
Additional information is displayed for each vulnerability.
The CVSS rating is as follows:
| Rating | CVSS score | Color coding |
|---|---|---|
| None | 0.0 | (none) |
| Low | 0.1 – 3.9 | Blue |
| Medium | 4.0 – 6.9 | Yellow |
| High | 7.0 – 8.9 | Orange |
| Critical | 9.0 – 10.0 | Red |
| Icon | Description |
|---|---|
| ① | Title of the vulnerability |
| ② | ID of the vulnerability |
| ③ | Publisher of the vulnerability description |
| ④ | Age of the most recent change to the vulnerability description |
| ⑤ | Total risk level: Highest risk and number of assets affected by the highest risk |
| ⑥ | Total number of assets affected by this vulnerability, across all risk levels; this total number also includes the assets affected by the total risk level |
| ⑦ | CVSS score of the vulnerability; the value is also shown in color |
Details of the selected vulnerability
Only information related to assets included in the inventory is displayed.
Description
This area shows information about the description of the vulnerability as well as its impact and occurrences on assets in the plant; see 'Threat details'. This area shows options to fix the vulnerability or at least to reduce its impact or lessen the vulnerability; see 'Threat details'.
| Icon | Description |
|---|---|
| ① | Information on the origin of the vulnerability |
| ② | Distribution of the individual risk levels over all of the affected assets; see color bar for risk level. |
| ③ | Information on the effects of the vulnerability |
| ④ | Product families affected by the vulnerability |
| ⑤ | Zones affected by the vulnerability |
Recommended action
This area shows options to fix the vulnerability or at least to reduce its impact or to lessen the vulnerability.
The list of affected products and solutions describes each product with affected firmware versions and the corresponding solution; the link leads to the product page, from where a newer firmware version can be downloaded if necessary.
| Icon | Description |
|---|---|
| ① | Workarounds and mitigation |
| ② | List of affected products and solutions |
Assets and tasks
This area shows affected products and the individual assets as well as tasks planned for them. If a product ③ from the product list ② is expanded, all individual assets ④ of this product are displayed.
If you select an asset, the recommendations and tasks ⑥ are displayed and offered for selection. Changes to the tasks are applied immediately. See 'Task definition'. Asset details ⑤ can also be displayed for each asset.
Clicking the 'Close' button ⑦ takes you back to the 'Threat focus' page.
| Icon | Description |
|---|---|
| ① | Title of the vulnerability |
| ② | List of affected products and individual assets |
| ③ | Product (expanded) |
| ④ | Asset of a product ③ |
| ⑤ | 'Show asset details' button |
| ⑥ | List of recommendations and tasks |
| ⑦ | 'Close' button |
Asset focus
This area lists all zones, products, and assets from the inventory for which at least one vulnerability is known. Assets that are free of vulnerabilities are not displayed.
You can display all vulnerabilities of the selected asset and define appropriate tasks.
Zone overview
This area lists the zones affected by vulnerabilities ② and shows how they are affected ⑤. Clicking on a zone opens the 'Assets list'.
You can filter zones ① or adjust the sorting of zones ③.
Additional information is provided for each zone (④-⑦).
| Number | Description |
|---|---|
| ① | Input field for filtering the zones |
| ② | List of zones |
| ③ | Sort button |
| Number | Description |
|---|---|
| ④ | Zone name |
| ⑤ | Distribution of the individual risk levels over all of the affected assets; see color bar for risk level. |
| ⑥ | Number of assets in this zone affected by at least one vulnerability. |
| ⑦ | Ratio between [the total number of assets in this zone] and [the number of affected assets in this zone]; at '100%', every asset contained in the zone is affected by at least one vulnerability. |
Asset list for zones
This area shows information about the selected zone as well as all products and assets in the inventory that are part of the zone and affected by at least one vulnerability.
Clicking the button ① takes you back to the 'Zone overview'.
The zone details ② show important information about the zone.
The list of products ③ shows products that contain at least one asset that is in the zone and is affected by a vulnerability. Clicking on it displays all affected assets ④. Details can be displayed for a selected asset ⑥.
After you select an asset and then navigate to the 'Threats and tasks' area ⑥, all vulnerabilities of the selected asset can be viewed and appropriate tasks can be defined. For each affected asset, the greatest risk level due to the currently pending vulnerabilities ⑦ is shown. It also shows how many of these pending vulnerabilities are still in the 'Open' status, and what the highest risk level of the open vulnerabilities is ⑩.
| Number | Description |
|---|---|
| ① | Name of the selected zone and navigation back to the 'Zone overview' |
| ② | Zone details display important information about the zone |
| ③ | List of products affected by vulnerabilities |
| ④ | Highest risk level of the assets of the respective product |
| ⑤ | Button to switch to 'Threats and tasks' |
| ⑥ | Display of asset details |
| Number | Description |
|---|---|
| ⑦ | Highest risk level due to an unfixed vulnerability on this asset |
| ⑧ | Asset name |
| ⑨ | IP address of the asset |
| ⑩ | Number and highest risk level of 'Open Threats' |
Asset overview
Assets-tab ② in Asset focus shows all the vulnerable assets regardless of zone assignment. This view allows quick search for the specific asset.
| Number | Description |
|---|---|
| ① | Zones-tab displays asset risk information grouped by zone |
| ② | Assets-tab displays all the assets affected by vulnerabilities in the system |
Threats and tasks
This area shows threats that affect the selected asset ①, as well as recommended or scheduled tasks and, if applicable, asset details ③.
The list of threats ② shows which different threats threaten the security of the asset.
The risk level ⑧ shows how high the risk to the asset is from this threat. The detection date ⑫ indicates when the system first received information about the threats. Vulnerabilities that have already been managed can be hidden ④.
Details of the selected vulnerability ⑤ can be displayed, see 'Threat details'.
When you select an asset, the recommendations and tasks ⑥ are displayed and offered for selection. Changes to the tasks are applied immediately.
Clicking the 'Close' button ⑦ takes you back to the 'Asset list'.
| Number | Description |
|---|---|
| ① | Information about the asset (name, zone, IP address, installed firmware version) |
| ② | List of asset vulnerabilities |
| ③ | 'Asset details' button |
| ④ | 'Hide managed' button |
| ⑤ | 'Threat details' button |
| ⑥ | List of recommendations and tasks; see 'Task definition' |
| ⑦ | 'Close' button |
| Number | Description |
|---|---|
| ⑧ | Risk level of this vulnerability for this asset |
| ⑨ | Title of the vulnerability |
| ⑩ | Organization that disclosed the vulnerability (ID) |
| ⑪ | Brief description of the vulnerability |
| ⑫ | Date of detection of the vulnerability for this asset |
| ⑬ | Status of the vulnerability |
Attacks
This area displays security events detected by the installed sensors. Security events can turn out to be real attacks.
When you select a security event from the list of detected security events ④, additional details about it ① are shown. In the progress status ⑤, the progress of processing a security event can be logged manually.
The procedure for installing new sensors is described in Installation of attack sensors.
| Number | Description |
|---|---|
| ① | Detail area with information about a selected security event |
| ② | Button to select the sort order |
| ③ | Button to select all listed security events |
| ④ | List of detected security events |
| ⑤ | Progress status of a selected security event |
Security event
For each security event, information is displayed to facilitate easier navigation through the list of security events.
Selecting a security event displays detailed information and the current progress status. Changes to the status are applied immediately. If several assets are selected together, the same status information can be entered for them together.
| Number | Description |
|---|---|
| ① | Title of the security event type |
| ② | ID of the sensor that detected the security event |
| ③ | Button for selecting the security event |
| ④ | Progress status of the security event |
| ⑤ | Source of description |
| ⑥ | Age of the security event |
Security event details
The information in this area will help you assess the time, type, and severity of a security event. All information can be downloaded as .JSON file ①. Link ④ leads directly to the MITRE ATT@CK database.
| Number | Description |
|---|---|
| ① | Button to download a .JSON file with additional information about the security event |
| ② | Detailed information about the occurrence of the security event |
| ③ | Detailed information about the signature of the security event |
| ④ | Detailed information about the classification of the security event |
Progress status
Here you can log how far the processing of a security event has progressed. When you click on a status (①, ②, ③), the respective status is entered. Further explanations can be entered in the input field ④. Changes to status or text are saved immediately.
| Number | Description |
|---|---|
| ① | 'Open' status (pre-selected for new security events) |
| ② | 'In progress' status |
| ③ | 'Closed' status |
| ④ | Input field for an optional comment |
Inventory
This area lists all assets that have been transferred from an update source (synchronization with Siemens Industrial Asset Hub or import from a .CSV file) to SINEC Security Guard. Their total number ① is displayed separately.
Note The parallel use of both import sources (Siemens Industrial Asset Hub and .CSV file) is not possible.
The inventory lists both supported and unsupported assets; see column 'Support' ③.
-
Supported
Assets for which SINEC Security Guard has received all necessary information regarding the product, asset and vulnerabilities; for supported assets, SINEC Security Guard can display information about vulnerabilities and their impact.
-
Unsupported
Assets for which one or more items of information regarding the product, asset or vulnerabilities is missing or unreachable. For unsupported assets, SINEC Security Guard does not display information regarding vulnerabilities. You need to take other measures for transparency of the threat situation for such assets and to ensure the secure operation of the asset.
Asset details ⑤ can be displayed for a selected asset.
Note The inventory and the zone management are the only areas in SINEC Security Guard in which unsupported assets are also displayed. All other views of SINEC Security Guard show only supported assets. The display of unsupported assets in the inventory shows assets for which SINEC Security Guard does not offer support and for which you need to take other measures to avert danger.
| Number | Description |
|---|---|
| ① | Total number of supported and unsupported assets in the inventory |
| ② | Input field for filtering the assets |
| ③ | List of assets |
| ④ | Point of time of last inventory update |
| ⑤ | 'Show asset details' button |
Configuration of the inventory
Table configuration can be customized by selecting the columns to be displayed.
The order of the columns can be changed by dragging and dropping the column to the desired position.
Necessity and impact of updates
During the update, the data from the update source replaces the previous inventory. The data is not added to the existing inventory.
During an update, the data for all assets in the future inventory must always be transferred together. Assets that are not present in the update source are removed from the inventory.
It is necessary to update the inventory if something changes in the hardware, firmware or configuration used, e.g. due to the replacement of assets, the installation of a firmware update or a changed IP address.
Per asset, an update has the following effect on new existing inventory:
| Asset exists in the previous inventory | Same asset exists in the update source (IAH or .CSV) | Effect on the new inventory |
|---|---|---|
| Yes | Yes | Asset data is replaced |
| Yes | No | Asset and all associated data and tasks are removed |
| No | Yes | Asset is newly added |
Note If a .CSV file contains two entries for the same asset, the last entry is always imported.
Synchronization with Siemens Industrial Asset Hub
Note The use of the update source Siemens Industrial Asset Hub is described here; importing from a .CSV file is then not possible. Contact Siemens Support if you have any questions.
The inventory automatically synchronizes with the Siemens Industrial Asset Hub in the background several times a day. Changes to assets or asset data in the Siemens Industrial Asset Hub are synchronized with SINEC Security Guard in a timely manner.
Import from a .CSV file
Note The use of the update source .CSV is described here; synchronization with Siemens Industrial Asset Hub is then not possible. Contact Siemens Support if you have any questions.
If Inventory is present in SINEC Security Guard, a note ② shows the age of the most recent import.
The import process is initiated via a button:
-
① shows the button in the event that there is no inventory;
-
③ shows the button in the event that an inventory is already present.
To import from a file, all asset data must be stored in a .CSV file in a defined structure. The necessary structure of the file is specified in the current template file, which you download using a corresponding button ④.
Files to be uploaded must meet the following criteria:
| Criterion | Description |
|---|---|
| File Format | .CSV (Comma Separated Values) UTF8 |
| Content Structure | as current template file |
| Maximum File Size | 150MB |
| Maximum Number of Records | 6000 |
After the corresponding file has been selected ⑤ and the import has been initiated ⑥, these criteria are checked. If criteria are not met, the import is aborted and a corresponding error message is displayed in the status area ⑦.
| Number | Function |
|---|---|
| ① | Button to import asset data from a .CSV file |
| Number | Function |
|---|---|
| ② | Age of the most recent import |
| ③ | Button to import asset data from a .CSV file |
| Number | Function |
|---|---|
| ④ | Button to download the current .CSV template |
| ⑤ | Button to select the .CSV file with asset data |
| ⑥ | Button to start the import process |
| ⑦ | Status display of the import process |
Zone management
Allows you to view and edit zones and assign assets.
Zones are freely definable logical units, such as 'Brewing', 'Cooling', 'Environment', 'OT Network', etc.
Each asset can be assigned to a zone, and a zone can contain any number of assets. Its zone-specific values 'Business criticality' and 'Exposure' can be set for each zone.
All assets contained in a zone then adopt their zone values as their own values. On this basis, SINEC Security Guard can later calculate a risk level for each asset and vulnerability:
If, for example, Asset A is located in the 'chemical reactor' zone ('high business criticality', 'high exposure') and an identical Asset B is located in the 'shipping' zone ('low business criticality', 'medium exposure'), the risk level for Asset A will be higher than that for Asset B.
Zone-specific values
The following values of a zone occur in several places:
-
Number of assets
Counts all assets assigned to the zone.
-
Business criticality
Expresses how bad ('Negligible', 'Moderate', 'Critical', 'Disastrous') a failure or unsafe operation of the zone and its assets would be for the operation of the plant or the achievement of the production result.
-
Exposure
Expresses how much the zone and its components are exposed to external access. Consider all potential attack vectors (physical access, network access, etc.) and choose the lowest applicable degree of protection.
-
Individually rated
Number of assets that deviate from the zone default with respect to 'Business criticality' and/or 'Exposure'.
-
IP ranges
Number of different IP ranges created for this zone in step 2 of the Zone wizard.
-
Description
Free text to better identify the respective zone or to distinguish it from other zones.
Zone overview
The zone overview displays tiles for 'Unassigned assets' ①, 'Disregarded assets' ②, and manually created zones ⑦. The 'Zone wizard' allows for the creation of new zones ⑤ and modification of existing ones.
| Tile | Place for assets that... | Risk level... |
|---|---|---|
| 'Unassigned assets' ① | … have been newly added to the inventory or removed from 'Disregarded assets' or a zone | … is 'Undefined' for each asset, as 'Business criticality' and 'Exposure' cannot be determined |
| 'Disregarded assets' ② | … should be excluded from calculations and not considered in reports and KPIs/counters | … is not calculated, as the assets are meant to be ignored |
| Manually created zone ⑦ | … are part of a logical group within the facility and are often viewed and managed together | … is calculated and can be either 'Low', 'Medium', 'High', or 'Critical' |
Important values for each zone are displayed on the front and back of the respective tile (accessible via the buttons 'Flip view' ⑫ and 'Flip all' ④).
| Number | Element |
|---|---|
| ① | 'Unassigned assets' tile |
| ② | 'Disregarded assets' tile |
| ③ | Sort order selection button |
| ④ | 'Flip all' button |
| ⑤ | 'Create zone' button |
| ⑥ | Input field for filtering the zones |
| ⑦ | Area with manually created zones |
| Number | Element |
|---|---|
| ⑧ | Name of the zone |
| ⑨ | 'Business criticality' of the zone |
| ⑩ | 'Exposure' of the zone |
| ⑪ | Number of assets in this zone |
| ⑫ | 'Flip view' button |
| ⑬ | Individually rated |
| ⑭ | Number of 'IP ranges' |
Zone details
Zone details contain all zone-related values and offer functions to change the state of the zone. Clicking the button ① takes you back to the 'Zone overview'. The asset list ⑧ includes assets assigned to the zone.
The value 'Zone default' indicates that the asset adheres to the respective default value defined for the zone ⑥. An entry other than 'Zone default' means that a different value has been specified for this asset, counting it as 'Individually rated'. To better identify such non-default assets and, if necessary, reequip them with default settings, the 'Individually rated' button filters out assets with two default values.
A manually created zone can be modified via the 'Edit zone' button ④ and removed via the 'Delete zone' button ⑤.
| Number | Element |
|---|---|
| ① | Button for navigation to the 'Zone overview' |
| ② | Name of the selected zone |
| ③ | Button to display only those assets that are individually rated |
| ④ | 'Edit zone' button |
| ⑤ | 'Delete zone' button |
| ⑥ | Zone information |
| ⑦ | Input field for filtering assets |
| ⑧ | List of assets in the selected zone |
| ⑨ | Display of asset details |
Zone wizard
The 'Zone wizard' guides you through all the necessary steps when manually creating a new zone and also when editing an existing zone. You can switch to the respective step by clicking on a step or using the navigation buttons (⑥, ⑦):
-
Zone definition
-
IP range
-
Individual assets
-
Summary
The status of each step is displayed as follows (here using the example of the 'IP range' step: top row in 'unselected' status, bottom row in 'selected' status):
| Number | Status | Description |
|---|---|---|
| ① | Open | This step has not yet been processed |
| ② | Warning | This step contains data that needs attention |
| ③ | Error | This step contains one or more errors and prevents the wizard from completing |
| ④ | Successful | This step has been successfully completed |
The buttons for navigating through the 'Zone wizard' support you in step-by-step editing.
| Number | Action | Description |
|---|---|---|
| ⑤ | Cancel | Ends the 'Zone wizard' without creating a new zone; entered data will be discarded |
| ⑥ | Previous | Moves to the previous step (available from step 2 onwards) |
| ⑦ | Next | Moves to the following step (available until the penultimate step) |
| ⑧ | Create | Ends the 'Zone wizard' and creates a new zone with the entered data (only available in the last step) |
Zone definition
In this step, basic information about the zone is defined:
-
Zone name ②
The name of the zone. At least one character must be entered, and the zone name must not already be assigned to another zone.
-
Business criticality (③ - 'Negligible', 'Moderate', 'Critical', 'Disastrous')
Expresses how bad a failure or insecure operation of the zone and its assets would be for the operation of the facility or the achievement of the production outcome.
-
Exposure (④ - 'Low', 'Medium', 'High')
Expresses how much the zone and its components are exposed to external access; all possible attack vectors (physical access, network access, etc.) should be considered and the absolutely lowest applicable protection level should be entered.
-
Description ⑤
A text that explains the characteristics of the zone.
| Number | Element |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Zone name |
| ③ | Business criticality |
| ④ | Exposure |
| ⑤ | Description |
| ⑥ | Buttons for navigating through the 'Zone wizard' |
IP range
In this step, assets are added to the zone based on their belonging to an IP range.
Note Assets that are part of an IP range of the current zone and have been manually added to its exclusion list in step 'IP range' will not be listed in the step 'Individual assets'.
Any number of IP ranges ⑤ can be defined according to the IPv4 or IPv6 protocols (③, ⑥); the start IP address (⑧) and end IP address (⑨) are required for this. See also Checking user input.
IP ranges can be duplicated and also deleted (⑫, ⑬).
All assets that have at least one IP address in an IP range are automatically assigned to this range. If the IP address displayed with an asset is not in the IP range, the asset has other IP addresses, at least one of which is in the IP range.
The assignment of assets in an IP range to the zone can then be adjusted manually ⑪. For each IP range, it is shown how many assets from the IP range are actually assigned to the zone and how many assets are within the start and end addresses in principle ⑩.
The assignment of assets offers these lists:
-
Exclusion list ⑯
These assets are not assigned to the zone and remain part of the unassigned assets.
-
Assignment list ⑰
These assets are part of the zone.
It is possible to move all assets in a list ⑱ or individual assets ⑲ to the other list. The manufacturer, asset name and IP address are displayed for each asset ⑳. An input field ⑮ makes it possible to find specific assets within the lists (⑯, ⑰). The sorting of the assets can be changed (㉒).
| Number | Element |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Display of defined IP ranges |
| ③ | Button to create a new IP range |
| ④ | Buttons for navigation through the Zone wizard |
| Number | Element |
|---|---|
| ⑤ | IP range, consisting of start and end IP address |
| ⑥ | Button to create a new IP range |
| ⑦ | Total individual assets assigned via at least one IP range |
| ⑧ | Input field for start IP address |
| ⑨ | Input field for end IP address |
| ⑩ | Number of assigned assets |
| ⑪ | Button for navigation to manual assignment of assets |
| ⑫ | Button to display the menu |
| ⑬ | Menu with options |
| Number | Element |
|---|---|
| ⑭ | Button for navigation back to the display of IP ranges, as well as information on the selected IP range |
| ⑮ | Input field for searching assets within the IP range |
| ⑯ | List of assets to be excluded from this IP range |
| ⑰ | List of assets to be assigned to this IP range |
| ⑱ | Button to move all assets from the respective list to the other list (⑯/⑰) |
| ⑲ | Button to move this asset from the current list to the other list |
| ⑳ | Information on the asset (manufacturer, asset name, IP address) |
| ㉑ | Number of assets in the respective list |
| ㉒ | Button to adjust the sorting order |
Individual assets
In this step, assets are added to the zone that are searched for by criteria other than their IP address, e.g., by name or product type.
Note Assets that are part of an IP range of the current zone and have been manually added to its exclusion list in step 'IP range' will not be listed in the step 'Individual assets'.
The functionality of this step largely corresponds to that of the last dialog of IP range. Differences are:
-
The step does not use IP ranges and therefore does not offer navigation to a parent dialog.
-
The left list ④ shows unassigned assets instead of excluded assets.
| Number | Description |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Display of unassigned assets and manually added assets |
| ③ | Input field for searching assets within the IP range |
| ④ | List of unassigned assets |
| ⑤ | List of manually added assets |
| ⑥ | Button to move all assets from the respective list over to the other list (④/⑤) |
| ⑦ | Button to move this asset from the current over to the other list |
| ⑧ | Information on the asset (manufacturer, asset name, IP address) |
| ⑨ | Number of assets in the respective list |
| ⑩ | Button to adjust the sorting order |
Summary
In this step, the information on the zone definition is summarized before the data is finally confirmed and the zone is created. This step does not offer its own interaction possibilities.
The information on assigned assets ③ shows how many assets were added via IP ranges, how many were added via individually, and how many assets belong to this zone in total.
The information on the defined IP ranges ④ displays the individual IP ranges. For each IP range, the start and end IP address, the number of added, and the total number of assets belonging to the IP range are shown.
| Number | Description |
|---|---|
| ① | Steps of the 'Zone wizard' |
| ② | Information on the zone definition |
| ③ | Information on assigned assets |
| ④ | Information on the defined IP ranges |
Task management
The Task management section provides an overview of all assets with defined tasks, which can be specified via Task Definition through either the "Threats and tasks" in the Asset focus or the "Assets and tasks" in the Threat focus (①). Each asset's entry includes the number of pending tasks and firmware information(③). Detailed information for each asset can also be accessed via "Asset details"(②).
| Number | Description |
|---|---|
| ① | List of all assets for which tasks are defined |
| ② | Asset details |
| ③ | Task overview |
| ④ | Number of pending tasks for this asset |
| ⑤ | Firmware version information |
| ⑥ | Vulnerability information |
| ⑦ | Mark as implemented |
Tasks are organized by vulnerabilities, with specific vulnerability information displayed for each task. Tasks are categorized into two groups:
- Vendor fixes
Tasks which solve the vulnerability. - Workarounds and Mitigations Alternative measures to mitigate vulnerabilities if vendor fixes are not immediately applied or available.
To set a task to implemented, users can click the “Mark as Implemented” button. Implemented tasks will not be shown after reload.
-
Undoing Tasks
Users have the option to undo Workarounds and Mitigations until the system is reloaded. Note that Vendor fixes cannot be undone(⑨). - Firmware Updates
When a user implements a firmware update, all tasks associated with other vulnerabilities will be reset to open status.
| Number | Description |
|---|---|
| ⑧ | Marker that all tasks are implemented |
| ⑨ | Undo button for workarounds and mitigations |
Once all tasks for an asset are implemented, the asset will be marked as completed in the list(⑧). After a system reload, fully completed assets will no longer be displayed in the Task Management section.