SIEM (Security Information and Event Management) Tool

SIEM Tool

Brief Description

Security Information and Event Management (SIEM) Tool identifies threats on the SCADA test bed by continuously monitoring all data generated by different SCADA devices at multiple levels. SIEM Tool uses the white listed file profile of Reference Data Set (RDS) of NIST (National Software Reference Library) to find anomalous files. The monitoring process generates baseline for every experimental activity and identifies all anomalous activities by comparing the same with a reference signature based activity log. The SIEM dashboard presents the monitored activities, which helps to identify the anomalies at a specific level, thereby reducing response time and also improves the forensic investigation.

Main uses and domain

  • SCADA Security for power sector

Features and Technical Specifications

  • Simulation, monitoring and management of attacks for SCADA systems
  • C-DAC’s Multi Agent based Framework (CMAF) based SCADA Test bed
  • Efficient analysis through single window dashboard. It uses correlation, data aggregation and retention for anomaly detection and forensics investigation..

Platform required (if any): NA

Contact Details for Techno Commercial Information

Nagesh R, nageshr[at]cdac[dot]in
Aswath Rao, aswath[at]cdac[dot]in
Bindhumadhava, bindhu[at]cdac[dot]in