You can configure traffic monitoring of system commands that are transmitted and received by process control devices. In Kaspersky Industrial CyberSecurity for Networks, system commands include device management commands (for example, START PLC) as well as system messages related to the operation of devices or containing packet analysis results (for example, REQUEST NOT FOUND).
When a monitored system command is detected, Kaspersky Industrial CyberSecurity for Networks registers an event for Command Control technology. The event is registered using the system event type that is assigned the code 4000002602. You can configure the available parameters for this event type in the Application Console on the Configure events tab.
You can view information about registered events when connected to the Server through a web browser.
To configure monitoring of system commands for a device:
The device editor appears in the lower part of the window.
You will see the Monitored system commands window containing a list of system commands that can be monitored.
The list of monitored system commands depends on the protocols specified for the device. If the necessary system commands are absent from the list, close the Monitored system commands window and add to the device settings all missing protocols that the device could use.