@kth90 Splunk does not currently have capabilities to monitor PLCs. For HMIs it depends on whether you are talking about embedded systems, but many HMIs just run on Windows/Linux operating systems and information can be collected from logs on the host (usually with a Universal Forwarder, but sometimes you can find logs on the SCADA/DCS system as well). Although the C-More Historian you mention doesn't appear to be that way. Process data can be collected for PLCs often from the SCADA/DCS system or in most cases a Historian, but those are primarily operationally focused. Also, there are capabilities to collect operational data via OPC UA and MQTT using some plugins on Splunkbase. If we are talking about the security perspective (e.g. asset information, access, firmware, vulnerabilities, etc.), Splunk relies on partner integrations with Nozomi, Claroty, Dragos, etc. (there are about a dozen major players in this space) who have that visibility and can provide asset info, vulnerabilities detected, and alerts to Splunk and are natively integrated in the OT Security Add-on for Splunk (https://splunkbase.splunk.com/app/5151). You can of course build your own dashboards or leverage apps if the vendor has one. As mentioned by @venkatasri, some of those devices do support syslog, but in all honesty very few of them do and they will likely be newer devices.