This document presents a minimum set of security monitoring use cases for OT that was initially created within a project for a member of ENCS and was later adapted for use by all members. It is a live document being frequently updated with feedback from the SOC analysts’ roundtables or sporadic feedback from members.
SOC analysts can use this document to configure a SIEM system so that it provides the minimum visibility over the risks and security measures that the contributing ENCS members considered relevant.
This document is structured into four key sections — Scope, Cases, Configuration Management Events, and Health and Performance.