Recording Of Cyber-Security Events - Siemens Reyrolle 7SR5 Operating Manual

Hide thumbs Also See for Reyrolle 7SR5:

Manual (504 pages)

Device manual (556 pages)

Manual (52 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

Table of Contents

Security Settings

9.9 Recording of Cyber-Security Events

9.9

Recording of Cyber-Security Events

The 7SR5 devices and Reydisp Manager provide a security audit trail which chronologically acquires and cate-

gorizes security-relevant events according to the origin and severity.

The 7SR5 devices automatically send the security-relevant events to an external syslog-server.

The transmission of the security events to the configured syslog server(s) takes place spontaneously and

without a conformation via UDP (User Datagram Protocol) when the security event occurs. A later readout of

the recorded security-events from the device-local security event buffer is possible. The security events are in

English.

NOTE

On the syslog server(s), Siemens recommends protecting the received security-events from unauthorized

read or write access with the role Auditor.

Structure of Security Events

A syslog event is built up with following elements:

Table 9-1

Element

Severity (level)

Date

Time

IP address or port

name

Module name

BOM

Product name

Indication text

NOTE

Multiple password entry attempts in quick succession may be disregarded by the device as not genuine

entry attempts.

Configuration Overview

To record cybersecurity events during the operation of 7SR5 devices, recordings are automatically created and

data is collected. All security-related events and alarms recorded in the device-internal security log can also be

transmitted simultaneously to a central syslog server. This action allows safety-relevant events to be recorded

from various transformer stations with the requirements of standards and guidelines, such as IEEE 1686,

142

Security Events

Description

Severity levels of the event:

•

Warning

•

Alarm

Date when the event is received or logged from the syslog server

Time when the event is received or logged from the syslog server

•

Time

•

hh:mm:ss.ttt

Time when the event is created

•

+hh:mm

Time deviation from GMT

IP address or port name of the product or subcomponent that generates the log entry

The name of the product module that generates the log entry

Byte order mark for UTF8 encoding

The name of the product that generates the log entry

The message part of a syslog event

Depending on the event, the indication text can contain variable additional informa-

tion (%A1%, %A2%, %A3%, and %A4%).

Reyrolle 7SR5, Operating, Manual

C53000-B7040-C013-1, Edition 05.2021

Table of Contents

Recording Of Cyber-Security Events - Siemens Reyrolle 7SR5 Operating Manual

9.9 Recording of Cyber-Security Events

Related Manuals for Siemens Reyrolle 7SR5

Related Content for Siemens Reyrolle 7SR5

Table of Contents