Device Security
New Features in April 2026
Review the new features introduced in Device Security in April 2026.
| Where Can I Use This? | What Do I Need? |
|---|---|
| | One of the following subscriptions: |

The following new features and enhancements were introduced for Device Security in
April 2026.
New Features
| Feature | Description |
|---|---|
| Vulnerability signatures | The Device Security Research team added detections for 677 vulnerabilities this month, 17 of which had a critical CVSS score. You can see a complete list of the CVEs for which detections have been added at Vulnerability Signatures in 2026. |
| Dictionary file update | There were five device dictionary file updates in April 2026. The following summarizes what was added in each update: |

Threat Intelligence for Vulnerabilities in Device Security
When your vulnerability inventory spans hundreds of high-severity CVEs, severity
scores alone don't tell you which ones threat actors are actively exploiting in
your industry or region. Device Security now provides enhanced
threat intelligence data associated with vulnerabilities, including known
threat actor campaigns, detailed threat actor profiles, and signs or indicators of
compromised systems. You can find, prioritize, and mitigate vulnerabilities based
on this additional information about the threat landscape.
On the Vulnerability Inventory page, you can query vulnerabilities associated
with active or inactive campaigns, or by the industries and regions targeted by
known actors. From the Vulnerability Details page, you can dive deeper into the
background and context for these attributes.
From the Vulnerability Details page, you can follow indicators of compromise
directly to the threat search in Strata Cloud Manager to check whether any of
those indicators have appeared in your network. This gives your security team a
path from vulnerability discovery to active threat hunting without switching
tools or manually correlating data across systems.
Alert Mapping to MITRE ATT&CK and IEC 62443 in Device Security
When you investigate a security alert in Device Security, you can see
which MITRE ATT&CK tactics and techniques from ICS and Enterprise
frameworks, and which IEC 62443 security requirements, apply to that alert.
Use this context to help assess severity, prioritize remediation, and
evaluate your compliance posture without manually cross-referencing external
frameworks.
On the Alert Details page, a new Compliance and Security Frameworks section
lists the IEC 62443 requirements associated with the alert, and a MITRE
ATT&CK section displays the framework, tactic name, technique name, and
technique ID for each mapped entry. On the Alert Inventory page, new attributes
let you filter and search by MITRE ATT&CK framework, tactic, technique
name, and technique ID, as well as by IEC 62443 reference, so you can surface
all alerts associated with a given attack technique or compliance requirement.
Correlating alerts with recognized threat frameworks helps you prioritize which
incidents represent the most critical attack paths for your assets and demonstrates
to auditors that your security posture aligns with compliance requirements.
Device Security maps these frameworks automatically to each alert so your
security team spends less time cross-referencing documentation and more time
responding to threats.
Custom Reports for Device Security
With Custom Reports, you can build report templates for assets, alerts, and
vulnerabilities and generate them on demand or on a schedule — without
relying on manual data exports or external tools. Security administrators
responsible for continuous auditing often have to export data from
Device Security and manipulate it elsewhere to produce reports that match
their organization's priorities, scoping requirements, or compliance
frameworks.
Custom Reports supports flexible scoping through the Query Builder, so you
can tailor each template to the sites, device types, and attributes your
team cares about. Reports are produced in PDF and CSV formats, retained in the
Report History, and can be delivered automatically by email to internal and
external stakeholders on a schedule you set.
You can reuse custom report templates for different reporting scenarios,
such as executive security summaries or compliance audits, so
your team spends less time rebuilding reports from scratch. Scheduling reports
within Device Security replaces infrequent manual reporting with a cadence
that keeps your security posture continuously visible. You can also clone
system-provided templates or convert custom dashboards into report templates.
Inventory Gap Report for Device Security
The inventory gap report requires integrating Device Security with AIMS3.
When you integrate Device Security with an external asset management system,
keeping both inventories in sync is difficult — manual data entry creates errors,
and devices can go unaccounted for in either direction. If you have an AIMS3
integration enabled, you can now generate an Inventory Gap Report to compare your
Device Security asset inventory against your AIMS3 data and identify
discrepancies without reconciling large datasets by hand.
The report identifies devices that Device Security discovered but that are
absent from your external source, and devices that your external source records
but that Device Security is not monitoring. It also flags assets that appear
in both systems but differ on classification, and near-matches where a data entry
error may have created a duplicate or orphaned record. You can run a Gap Report
on demand or on a recurring schedule.
Keeping asset inventories in sync across systems is difficult when one relies on
manual data entry. A single discrepancy can leave a device unmonitored or cause
your records to diverge from what Device Security sees on the network. The
Inventory Gap Report gives your team an automated way to catch and correct these
discrepancies before they become coverage gaps.
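The four discrepancy classes the report covers can be illustrated with a small reconciliation routine. This is an added example, not Device Security or AIMS3 code; the record fields, the use of the MAC address as the join key, and the one-hex-digit rule for near-matches are assumptions, and the sample records are constructed.

```python
def norm_mac(mac):
    """Reduce a MAC to lowercase hex digits, whatever separators were typed."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def hamming(a, b):
    """Number of differing positions, or None when the lengths differ."""
    return sum(x != y for x, y in zip(a, b)) if len(a) == len(b) else None

def gap_report(discovered, recorded):
    """Compare network-discovered devices with asset-management records."""
    disc = {norm_mac(r["mac"]): r["category"] for r in discovered}
    rec = {norm_mac(r["mac"]): r["category"] for r in recorded}
    only_disc, only_rec = set(disc) - set(rec), set(rec) - set(disc)
    # Assumed near-match rule: keys one hex digit apart suggest a typing error.
    near = sorted((d, r) for d in only_disc for r in only_rec
                  if hamming(d, r) == 1)
    only_disc -= {d for d, _ in near}
    only_rec -= {r for _, r in near}
    return {
        "missing_from_external": sorted(only_disc),   # seen on the network only
        "not_monitored": sorted(only_rec),            # recorded but never seen
        "classification_mismatch": sorted(
            (m, disc[m], rec[m]) for m in set(disc) & set(rec)
            if disc[m] != rec[m]),
        "near_match": near,
    }

# Constructed sample inventories (hypothetical devices and categories).
DISCOVERED = [
    {"mac": "00:1A:2B:3C:4D:01", "category": "Infusion Pump"},
    {"mac": "00:1A:2B:3C:4D:02", "category": "Patient Monitor"},
    {"mac": "00:1A:2B:3C:4D:03", "category": "IP Camera"},
    {"mac": "00:1A:2B:3C:4D:04", "category": "Printer"},
]
RECORDED = [
    {"mac": "00-1a-2b-3c-4d-01", "category": "Infusion Pump"},
    {"mac": "001a2b3c4d02", "category": "Ventilator"},
    {"mac": "00:1A:2B:3C:4D:84", "category": "Printer"},
    {"mac": "00:1A:2B:3C:4D:FF", "category": "X-Ray"},
]
REPORT = gap_report(DISCOVERED, RECORDED)

if __name__ == "__main__":
    for kind, rows in REPORT.items():
        print(kind, rows)
```

Normalizing the key before comparing keeps separator and case differences from being reported as missing devices, which leaves the near-match list for genuine data entry errors.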
Device Security Integration with Octoplant Octovision
Integrating Device Security with Octoplant Octovision lets you view
and apply OT-specific context directly to your device profiles in Device Security.
Octoplant Octovision contains information for OT devices, such as
PLCs, HMIs, and robot controllers, which Device Security may not be able to
learn from network traffic. This gap causes incomplete device profiles and requires
more manual correlation of threats and vulnerabilities to OT devices.
Through the Octoplant Octovision integration, Device Security pulls asset and
server data from Octovision and correlates it with devices already in your inventory.
Device records in Device Security are enriched with Octoplant-sourced
attributes, such as which Octoplant server manages a given asset, the device's
hardware module and order number, and its identifiers, giving you a
more complete picture of the OT devices in your environment without requiring
manual data entry.
Bringing Octoplant asset data into Device Security reduces the manual effort
of reconciling your OT asset management and security inventories. With
Octoplant-sourced context available alongside Device Security network
monitoring data, your team can assess OT device risk and coverage from a single,
consolidated view rather than cross-referencing separate systems.