Component
As of version 4.0.0, the notion of device, which is an aggregation of components, is introduced in Cisco Cyber Vision and changes how data is processed and presented.
A component represents an object of the industrial network from a network point of view. It can be the network interface of a PLC, a PC, a SCADA station, etc., or a broadcast or multicast address.
In the GUI, a component is shown as an icon in a box, either the manufacturer icon (if detected), or a more specific icon (for instance for a known PLC model), a default cogwheel, a planet for a public IP, etc.
Some examples of icons:
Manufacturers icons |
||
SIEMENS PLC icons |
A S7-300 PLC. |
|
A Scalance X300 switch. |
||
Default cogwheel |
The manufacturer has not been detected yet by Cisco Cyber Vision. OR The manufacturer has not been assigned a specific icon in Cisco's icon library. |
|
Public IP |
||
Broadcast |
Broadcast destination component. |
|
Multicast |
Whenever it is possible, components will be grouped under a device, and represented as such. For example, in the map, you will be able to see a device's components through its right side panel and technical sheet. Other components, that is the ones that don't belong to any device, will be displayed in the map, with the difference that a device is represented with an icon squared with a double border, whereas a component will have a single border.
For more information, refer to the device section.
In Cisco Cyber Vision, components are detected from the properties MAC address and (if applicable) IP address.
Note |
MAC addresses are all physical interfaces inside the network. Instead, attribution of IP addresses relies on the network configuration. |
To be detected by Cisco Cyber Vision, an object needs to have some network activity (emission or reception). Thanks to Deep Packet Inspection technology, detailed information about a component is provided in the GUI. Thus, information like IP address, MAC address, manufacturer, first and last activity, tags, OS, Model, Firmware version depends on the data retrieved from the network. Data originates from the communications (i.e. flows) exchanged between the components.
When you click a component on the map or a list, a side panel opens on the right with the component detailed information.