Use Splunk for OT/ICS security

The OT-BASE Technical Add-on gives you instant visibility of your OT assets in Splunk. Use existing search queries, dashboards and workflows for OT devices and software. The OT-BASE Add-on is CIM compatible and integrated with Splunk Enterprise Security.

One analytical platform for IT and OT

Ever wished that you could analyze your OT assets in the same way as IT, using identical queries, workflows, and dashboards? With the OT-BASE Technical Add-on for Splunk you can. OT-BASE extends your visibility beyond IT to the critical systems in your organization that are the backbone of revenue generation.

Visibility

Search and analyze your OT infrastructure, using queries, pivots, and dashboards

Vulnerability Management

Track cyber vulnerabilities not only in IT, but also in OT

Threat Hunting

Contextualize your searches with rich asset data

Asset data you can search in Splunk using the OT-BASE Technical Add-on:

Asset make, model and version

Asset type (e.g. PLC, RTU, network switch, computer, actuator, …)

Installed OS/Firmware version

Installed software applications

Installed security patches

Known vulnerabilities

Asset IP & MAC addresses

Layer 1 network connectivity & VLANs

Layer 3 network connectivity

Asset network exposure (private/public)

Asset location

Serial number

Machine association (e.g. “Packaging unit 2”)

Asset criticality

Date of configuration changes

Asset function

OT vulnerability management, easier than ever before

With OT-BASE, you always have up-to-date insight into known vulnerabilities. There’s no need to perform a vulnerability “scan” first. OT-BASE automatically and continuously determines known vulnerabilities that affect your installed base by matching the latest vulnerabilities published by NIST against your installed products (hardware, OS, software, firmware version), taking any installed security patches into account. Vulnerabilities are not just shown for Windows machines, but also for PLCs, network switches, RTUs, PLC backplane modules, …

Check vulnerabilities in ES Vulnerability Center

If you are using Splunk Enterprise Security, your OT vulnerabilities will automatically show up in Vulnerability Center.

Check vulnerabilities without Splunk Enterprise Security

If you are not using Splunk Enterprise Security, you can still check OT vulnerabilities in the vulnerability dashboard that comes with the OT-BASE Technical Add-on. Drill down into NIST CVE description pages, correlation searches, and device lookups.
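The matching described above (installed product and version checked against published vulnerability ranges, with installed security patches suppressing findings that the patch fixes) can be illustrated in a few lines. This is an added example, not OT-BASE code; the vendor, product, version, patch and CVE identifiers are constructed placeholders, and versions are assumed to be dotted integers:

```python
from dataclasses import dataclass
from typing import Optional

def parse_version(v: str) -> tuple:
    # Assumption: versions are dotted integers ("2.3.1"), compared component-wise.
    return tuple(int(p) for p in v.split("."))

@dataclass(frozen=True)
class Asset:
    name: str          # asset label in the inventory (constructed)
    vendor: str
    product: str       # hardware, OS, software or firmware product
    version: str
    patches: frozenset = frozenset()   # installed security patches / hotfixes

@dataclass(frozen=True)
class Advisory:
    cve: str           # placeholder CVE id, not a real advisory
    vendor: str
    product: str
    start: Optional[str]   # inclusive lower bound, None = unbounded
    end: Optional[str]     # exclusive upper bound ("fixed in"), None = unbounded
    fixing_patches: frozenset = frozenset()   # patches that close the issue

def affected(asset: Asset, adv: Advisory) -> bool:
    """True when the advisory applies to the asset's installed product/version."""
    if (asset.vendor, asset.product) != (adv.vendor, adv.product):
        return False
    v = parse_version(asset.version)
    if adv.start is not None and v < parse_version(adv.start):
        return False
    if adv.end is not None and v >= parse_version(adv.end):
        return False
    # an installed patch named by the advisory as a fix removes the finding
    return not (asset.patches & adv.fixing_patches)

def match_vulnerabilities(assets, advisories) -> dict:
    """Map each asset name to the sorted list of CVE ids that still apply."""
    return {a.name: sorted(adv.cve for adv in advisories if affected(a, adv))
            for a in assets}

# Constructed sample inventory and advisories (placeholder identifiers)
ASSETS = [
    Asset("PLC-12", "examplevendor", "plc_fw", "2.3.1"),
    Asset("HMI-03", "examplevendor", "hmi_os", "10.0", frozenset({"HOTFIX-77"})),
    Asset("SW-07", "examplevendor", "switch_fw", "4.1.0"),
]
ADVISORIES = [
    Advisory("CVE-0000-0001", "examplevendor", "plc_fw", "2.0.0", "2.4.0"),
    Advisory("CVE-0000-0002", "examplevendor", "hmi_os", None, "10.1", frozenset({"HOTFIX-77"})),
    Advisory("CVE-0000-0003", "examplevendor", "switch_fw", "4.2.0", None),
    Advisory("CVE-0000-0004", "examplevendor", "switch_fw", None, "4.1.1"),
]
```

Running `match_vulnerabilities(ASSETS, ADVISORIES)` flags the PLC firmware and the switch, while the HMI is cleared because its installed hotfix is listed as the fix.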

Automatic contextualization of asset data

OT-BASE stores asset data in a CIM compatible format and comes with a saved search that creates an asset lookup table for Enterprise Security. This way, you automatically see asset context data in your threat hunting investigations.

OT assets in Splunk ES Asset Center; the lookup table is automatically generated by a saved search that is part of the OT-BASE App.

Automatic data enrichment in search queries based on the asset lookup table.

Check out the online documentation

Check the OT-BASE online documentation to learn more about the OT-BASE Technical Add-on for Splunk.