Details

The Details tab shows additional details about the selected asset. The information is divided into sections showing various types of system and configuration data for the specified asset. OT Security displays only the sections relevant to the specified asset. The following list includes all possible section categories for various asset types: Overview, General, Project, Memory, Ethernet, Profinet, OS, System, Hardware, Devices & Drives, USB Devices, Installed Software, IEC-61850, and Interface Status.

Note: OT Security displays only those details that it extracts from the asset. Not all sections may appear for all the assets. For example, General, Nessus Scan Information.

The following table shows the details in the Overview section:

Section Description
Name The asset name obtained either through passive monitoring or active query, or automatically generated using asset type and a unique identifier.
Description The description of the asset from the user.
Purdue Level The Purdue Model level assigned to the asset.
State The current operational status of the asset. The field is relevant for specific asset types, typically controllers.
Direct IP

The IP address present on or configured for that specific asset or module.
Direct Mac The Mac address physically present on or configured for that specific asset or module.
Additional IPs

IP addresses associated with other modules sharing a backplane or similar infrastructure with the asset used to access the asset indirectly.

For example, a PLC (controller module) may lack its own network interface and is accessed via an IP address configured on a communication module installed in a different slot. Note that the asset may have connections other than a backplane.
Additional Macs Mac addresses associated with other modules sharing a backplane or similar infrastructure used to access the asset indirectly.
Family The device family or product line to which the asset belongs.
Vendor The manufacturer or supplier of the asset.
Model Name The specific model number of the asset.
Last Seen

The date and time when OT Security most recently detected the asset.

OT Security may update this field when replaying a PCAP (traffic capture file) or performing a similar analysis.
First Seen The date and time when the asset was initially detected, which may be the same as or earlier than the Last Seen value.
Last Update

The date and time or the most recent update of any of the asset's details.

Note: Any manual change to the asset information, such as updating the description updates this value, whether or not the asset is currently active or recently detected.
Sources The sources (such as sensors, PCAPs, local interfaces) identified or are associated with the asset.
Network Segments The network segments assigned or associated with the asset.
Criticality The importance of the asset assessed as High, Medium, or Low.
Risk Score Reflects the potential impact of risk associated with the asset. The score is influenced by factors such as criticality, vulnerabilities, unresolved events (and their duration), related assets (for example, via backplane), and other relevant considerations.

Backplane View

For assets that are connected to a backplane, there is also a Backplane View section, which shows a graphic representation of the backplane configuration, including the slot position of each connected device. Select a device to show its details in the lower pane.

Nessus Scan Information

The Nessus scan information helps you:

  • Understand assessed and unassessed assets.

  • Understand if your assets are targeted with credentialed or non-credentialed scans.

  • Perform best practices with scanning and vulnerability management. For example, you can perform vulnerability assessment scans against IT type assets running Windows, Linux. Scanning, whether with or without credentials, helps assess how much of your organization's attack surface is exposed both internally and externally.

For more information about Nessus Scans, see Create Nessus Plugin Scans .

The Nessus Scan Information section on the Details page provides the following details:

  • Last Successful Scan

  • Last Authenticated Scan

  • Last Scan Duration

IEC 61850

The IEC 61850 section on the Details page shows the following configuration for the specific IED asset.

  • Vendor

  • Model

  • Revision

For more information about the SCD files, see the following: