Monitor ICS automation network protocols for functions related to reading an asset’s operating mode. In some cases, there may be multiple ways to detect a device’s operating mode, one of which is typically used in the operational environment. Monitor for the operating mode being checked in unexpected ways.
| Data Component | Name | Channel |
|---|---|---|
| Network Traffic Content (DC0085) | Network Traffic | None |