Overview

Cisco Cyber Vision events and alerts

Events and alerts are system-generated notifications that

  • indicate significant activity or irregularities detected within an industrial network,

  • categorize information based on type, associated data, and network components, and

  • provide warnings or alerts to help with security monitoring and response.

Event: You receive an event notification when Cisco Cyber Vision detects notable network activity, such as a PLC being reprogrammed or a new device appearing. You can configure Syslog integration for events in the Classic UI.

Alert: An alert is a notification that triggers when a user-defined rule’s condition is met. You can set up Syslog integration for alerts in the New UI.

Additional reference information

Cisco Cyber Vision sensors analyze industrial protocols and gather network properties. The system sends these properties to the Center. The Center processes the information and creates a model of your operational technology (OT) network.

Events notify you about changes, incidents, or anomalies in your industrial environment. In the Classic UI, events appear in a timeline. You can forward events to external systems through Syslog.

In the New UI, you can configure Cyber Vision to forward alerts through Syslog when alerts are raised or cleared.

Examples

These events trigger logs and Syslog integration in the Classic UI:

  • Init: The system detects new industrial communications.

  • Start or Stop CPU: The system detects when a PLC starts or stops.

  • Exception: The system detects an exception in an industrial connection.

  • Program Download: The system detects the download of a PLC program.

  • Program Upload: The system detects the upload of a PLC program.

  • New Communication: The system detects a new communication flow.

  • New Properties: The system detects additional industrial properties on the network.

  • New Component: The system identifies a new component on the network.

  • Protocol Decode Failure: The system detects a decode error in a received packet.

These alert state changes trigger Syslog integration in the New UI:

  • The system generates an alert.

  • The system clears an alert.