IoT Security Administrator’s Guide
    : Parse Industrial OT Device Files
    Focus
    Download PDF
    Focus
    1. Home
    2. IoT
    3. IoT Security Administrator’s Guide
    4. Discover IoT Devices and Take Inventory
    5. Parse Industrial OT Device Files
    Download PDF

    IoT Security Administrator’s Guide

    Parse Industrial OT Device Files

    Table of Contents

    Parse Industrial OT Device Files

    Add industrial OT device files, such as PLC controller configuration, program, and inventory files, to IoT Security to enrich your asset inventory.
    PLC controller configuration, program, and inventory files, referred to as device files, control and manage machinery and processes for industrial OT devices. Because device files define parameters and customize industrial devices to suit operational requirements, they contain detailed asset information. This can include information such as the name, model, vendor, and firmware of devices, as well as information about hardware components and downstream devices. In particular, device files can contain information for industrial OT equipment that operate in isolated network segments. If firewalls don't see traffic from those industrial OT devices, IoT Security can't learn about those assets from passive traffic monitoring.
    Use device files along with IoT Security features, such as Network Discovery Polling and third-party integrations to enrich your asset inventory. To use device files to augment your IoT Security asset inventory, you need to have an Industrial OT subscription. On an Industrial OT IoT Security tenant, view and add devices files on the Device Files page under AssetsDevice Files.
    On the Device Files page, the Overview section shows a summary of files added, devices learned, and devices enriched from device files in the past 30 days. Below the Overview section, the Parsing History table displays all device files uploaded to your IoT Security tenant. This table includes information such as the parsing history of each file, and how many devices were updated or how many devices were missing critical information, such as MAC and IP address, in each file. You can also download previously uploaded device files from the table.
    When adding a device file, you need to choose a site association before uploading a file. The site association helps avoid potential conflicts with overlapping IP addresses, and it serves as the site assignment for any new devices learned. You can upload only one file at a time, and each file can't exceed 100 MB in size. IoT Security supports the following device file types for parsing:
    • Rockwell AssetCentre (.raai)
    • Studio 5000 Logix Designer (.l5x)
    • Unity Application Exchange File (.xef)
    • Siemens TIA Portal (.zip file containing a Project Library File (.plf) and an Index File (.idx))

    Upload Device Files

    You can only upload one device file at a time. Verify the parsed content and submit a device file before adding another device file.
    1. Login in to your Industrial OT Security portal and navigate to AssetsDevice Files.
    2. In the Parsing History table, click on the Upload icon to open the File Parsing side panel.
    3. Select the site to associate your device file with.
    4. Drag and drop your device file into the Select Files box, or Browse your folders and select the device file to upload.
    5. Review the result of the parsed device file.
      After IoT Security parses a file, it displays a table with the parsed output. The table lists the names of all devices discovered from the device file, as well as whether those devices are new or if they match to an existing device in the IoT Security assets inventory.
      When a device matches an existing device in IoT Security, you can click on the Device Name field to open up the corresponding Device Details page in a new tab or window. After you submit the device file, the data from the device file will supplement the information on that existing device identity.
      If the Parsing Output field says Additional Info Required, then IoT Security can't determine if the device is new or if it matches an existing device. Click on Additional Info Required to add an IP address and a MAC address. A device that has an IP address but no MAC address will be created as a static IP address. If you don't want to add the information right away, you can submit the device file first and update the information from the Parsing History table later.
    6. After verifying the results of the parsed device file, Submit the file to add the devices and device information to IoT Security.
      After submitting the device file, you can view the submitted device file in the Parsing History table.

    Update Devices Missing Critical Information

    When viewing the Parsing History table, some rows may have a value under the field Devices Missing Critical Information. This field indicates the number of devices in that file that are missing an IP address and a MAC address. Update the devices with this information to help IoT Security determine if those devices are new or if they match existing devices in the asset inventory.
    1. Click on the number in the Devices Missing Critical Information field for a device file.
      This brings up the File Parsing Side panel, where you can review the list of devices that are missing an IP address and a MAC address.
    2. For each device, click Additional Info Required in the Parsing Output field to bring up the Device Attributes pop-up.
    3. Enter the IP Address for the device.
    4. Optional Enter the MAC Address for the device.
    5. Apply the updates.
    6. Continue updating all devices that are missing critical information, and then Submit the changes after you're done.

    Download Past Device Files

    1. Navigate to AssetsDevice Files and view the Parsing History table.
    2. Select the check box next to the device files that you want to download.
    3. Download the device files.

    © 2024 Palo Alto Networks, Inc. All rights reserved.