Kaspersky Industrial CyberSecurity for Networks registers events based on one of the following technologies:
This technology is used to register events associated with process violations (for example, an event where the specified temperature was exceeded).
This technology is used to register events associated with industrial network integrity or the security of communications (for example, an event for the detection of communications between devices in the industrial network over a protocol that is new for those devices).
This technology is used to register events associated with the detection of traffic anomalies that are signs of an attack (for example, an event for the detection of signs of ARP spoofing).
This technology is used to register events associated with the detection of system commands for devices in traffic (for example, an event for the detection of an unauthorized system command).
This technology is used for incidents and events that are received by Kaspersky Industrial CyberSecurity for Networks from recipient systems using Kaspersky Industrial CyberSecurity for Networks API methods.
This technology is used to register events associated with the detection of device information in traffic or in data received from EPP applications (for example, an event for the detection of a new IP address for a device).
This technology is used to register events associated with threats detected by Kaspersky applications that perform functions to protect workstations and servers (for example, a malware detection event).