Recording User Activity on a SIMATIC Controller Using a SIEM System
In order to meet the requirements of leading security standard IEC 62443 in the industrial environment, one measure that must be taken is fully recording all user activities. An important prerequisite for this is the generation and provision of appropriate security events.
The task is to record the user activity as completely as possible by using a SIEM system (McAfee SIEM in this case). In particular, the name of the user who performs certain actions on a SIMATIC controller should be recorded.
This application example describes an approach for applicative determination of the user name using a SIEM system. The approach is also illustrated using the example of the SIEM system by McAfee, McAfee SIEM.
- Efficient applicative determination of the user name and thus improves proactive detection of unauthorized access and deviations from normal behavior
- Ensure compliance with relevant standardization, certification and regulatory requirements