Monitor asset management systems for device configuration changes which can be used to understand expected parameter settings.
Monitor device application logs parameter changes, although not all devices will produce such logs.
Monitor for device alarms produced when parameters are changed, although not all devices will produce such alarms.
Monitor ICS management protocols for parameter changes, including for unexpected values, changes far exceeding standard values, or for parameters being changed in an unexpected way (e.g., via a new function, at an unusual time).
| Data Component | Name | Channel |
|---|---|---|
| Asset Inventory (DC0110) | Asset | None |
| Application Log Content (DC0038) | Application Log | None |
| Device Alarm (DC0108) | Operational Databases | None |
| Network Traffic Content (DC0085) | Network Traffic | None |