Siemens Industry Online Support
Siemens AG
Entry type: Application example Entry ID: 109748211, Entry date: 06/30/2017

Recording User Activity on a SIMATIC Controller Using a SIEM System

Modern automation infrastructures are becoming increasingly complex. The individual stations and components in an automation plant are increasingly networked and continuously evolving. Because of this complexity and networking, together with standardization, certification and regulatory requirements, industrial security is becoming increasingly important.

To meet the requirements of the leading security standard IEC 62443 in the industrial environment, one measure that must be taken is the complete recording of all user activities. An important prerequisite for this is the generation and provision of appropriate security events.
The task is to record the user activity as completely as possible by using a SIEM system (McAfee SIEM in this case). In particular, the name of the user who performs certain actions on a SIMATIC controller should be recorded.

Plant diagram
This application example describes an approach for applicative determination of the user name using a SIEM system. The approach is illustrated using McAfee SIEM as the example SIEM system.
  • Efficient applicative determination of the user name, which improves proactive detection of unauthorized access and deviations from normal behavior
  • Compliance with relevant standardization, certification and regulatory requirements

Documentation and correlation rule
 Documentation (2,2 MB)
 Registration required: Correlation rule (1,4 KB)
SHA-256 Hash Code: 6B560715E3BF481F7942F0BAE4316B341C08B54617C38012CA2E81F30E6097EB