implementing-ot-network-traffic-analysis-with-nozomi

Featured

Deploy Nozomi Networks Guardian sensors for passive OT network traffic analysis to achieve comprehensive asset visibility, real-time threat detection, and vulnerability assessment across industrial control systems without disrupting operations, leveraging behavioral anomaly detection and protocol-aware monitoring.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Implementing OT Network Traffic Analysis with Nozomi

## When to Use

- When deploying passive OT network monitoring using Nozomi Networks Guardian sensors
- When requiring asset visibility without active scanning in sensitive ICS environments
- When building a Nozomi-based OT SOC with centralized management via Vantage or CMC
- When integrating OT network monitoring with Fortinet, Splunk, or ServiceNow ecosystems
- When monitoring compliance with IEC 62443 network segmentation policies

**Do not use** for active vulnerability scanning of OT devices (see performing-ot-vulnerability-scanning-safely), for environments standardized on Dragos (see implementing-dragos-platform-for-ot-monitoring), or for IT-only network monitoring.

## Prerequisites

- Nozomi Networks Guardian sensor (hardware, VM, or container)
- Network TAP or SPAN port configured on monitored OT network segments
- Nozomi Vantage (cloud) or Central Management Console for multi-sensor management
- Nozomi Threat Intelligence subscription for updated detection signatures
- Network architecture documentation for sensor placement planning

## Workflow

### Step 1: Deploy Guardian Sensors for Passive Monitoring

```python
#!/usr/bin/env python3
"""Nozomi Guardian Deployment Manager and Alert Analyzer.

Manages Nozomi Guardian sensor deployment validation, asset inventory extraction,
and threat alert analysis for OT environments.
"""
import json
import sys
from collections import defaultdict
from datetime import date...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

All of the following are AI & Automation featured skills from the same repository (mukul975, 12,642 stars, updated today).

implementing-dragos-platform-for-ot-monitoring

Deploy and configure the Dragos Platform for OT network monitoring, leveraging its 600+ industrial protocol parsers, intelligence-driven threat detection analytics, and asset visibility capabilities to protect ICS environments against threat groups like VOLTZITE, GRAPHITE, and BAUXITE.

performing-ot-vulnerability-scanning-safely

Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries, and carefully controlled active scanning with Tenable OT Security to identify vulnerabilities without disrupting industrial processes or crashing legacy controllers.

performing-ot-network-security-assessment

This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.

performing-ics-asset-discovery-with-claroty

Perform comprehensive ICS/OT asset discovery using the Claroty xDome platform, leveraging passive monitoring, Claroty Edge active queries, and the integration ecosystem to gain full visibility into industrial control system assets including PLCs, RTUs, HMIs, and network infrastructure across Purdue Model levels.

implementing-network-segmentation-for-ot

This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial firewalls, data diodes, and software-defined networking. It addresses the Purdue Model-based segmentation strategy, migration from flat networks to segmented architectures without disrupting operations, configuring OT-aware firewalls with industrial protocol deep packet inspection, and validating segmentation effectiveness through traffic analysis.