Getting Data In

PLC & HMI Monitoring

kth90
New Member

Hi, I'm currently looking for software that can monitor logs from PLCs (mostly Allen Bradley devices) and HMIs (C-More).

Is Splunk able to do this?

0 Karma

cduffey_splunk
Splunk Employee

@kth90 Splunk does not currently have capabilities to monitor PLCs. For HMIs it depends on whether you are talking about embedded systems, but many HMIs just run on Windows/Linux operating systems, and information can be collected from logs on the host (usually with a Universal Forwarder, but sometimes you can find logs on the SCADA/DCS system as well). The C-More Historian you mention doesn't appear to be that way, though. Process data for PLCs can often be collected from the SCADA/DCS system or, in most cases, a Historian, but those are primarily operationally focused. There are also capabilities to collect operational data via OPC UA and MQTT using some plugins on Splunkbase.

If we are talking about the security perspective (e.g. asset information, access, firmware, vulnerabilities, etc.), Splunk relies on partner integrations with Nozomi, Claroty, Dragos, etc. (there are about a dozen major players in this space) who have that visibility and can provide asset info, vulnerabilities detected, and alerts to Splunk, and who are natively integrated in the OT Security Add-on for Splunk (https://splunkbase.splunk.com/app/5151). You can of course build your own dashboards or leverage apps if the vendor has one. As mentioned by @venkatasri, some of those devices do support syslog, but in all honesty very few of them do, and they will likely be newer devices.

0 Karma

venkatasri
SplunkTrust

Hi @kth90

There seem to be no out-of-the-box add-ons on Splunkbase that support PLC & HMI devices. Usually devices natively generate syslogs, which can eventually be forwarded to Splunk via a syslog set-up on the Splunk side.

I would recommend reading the device documentation about how to enable and generate syslogs for the specific functions that you require, for example firmware updates, device boot logs, authentication, CLI executions, etc.

Then send these logs to Splunk: Device (syslog enabled and generating) -> syslog server (optional) -> Splunk (syslog needs to be set up here).

 

You can reach out to the device vendors; they can point you to the right solution as well!

-------------------------------------------------------------------

An upvote would be appreciated if it helps!

0 Karma
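
The pipeline described in the answer above (device -> optional syslog server -> Splunk), as an added example that is not part of the original thread: an `inputs.conf` for a Splunk forwarder showing both variants of the Splunk-side set-up. The index name `ot_syslog`, the port `5514` and the directory layout `/var/log/remote/<device>/` are assumptions chosen for illustration.

```ini
# inputs.conf on the Splunk forwarder that receives the device logs.
# Added example: index name, port and paths are assumptions, adjust to your site.

# --- Variant A: devices send syslog straight to the forwarder ---------------
# A forwarder that does not run as root cannot bind ports below 1024, so a
# high port is used here; point the devices (or a relay) at this port.
[udp://5514]
sourcetype = syslog
index = ot_syslog
# Record the sender's IP address as the host field instead of a DNS lookup,
# since OT devices frequently have no reverse DNS entry.
connection_host = ip
# Keep the <PRI> value so facility and severity stay searchable.
no_priority_stripping = true
disabled = 0

# --- Variant B: a syslog server sits in between (the optional hop) ----------
# The syslog server (rsyslog, syslog-ng, ...) writes one directory per device,
# e.g. /var/log/remote/<device>/syslog.log, and the forwarder tails the files.
# Events then survive a forwarder restart because they are buffered on disk.
[monitor:///var/log/remote/*/*.log]
sourcetype = syslog
index = ot_syslog
# Take the host field from the 4th path segment:
# /var(1)/log(2)/remote(3)/<device>(4)/syslog.log
host_segment = 4
disabled = 0
```

Use one variant per device, not both, otherwise each event is indexed twice. The index named here must already exist on the indexers.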