Skip to content

[New Integration] Nozomi Networks #13867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cpascale43 opened this issue May 9, 2025 · 0 comments
Open

[New Integration] Nozomi Networks #13867

cpascale43 opened this issue May 9, 2025 · 0 comments
Labels
Crest Contributions from Crest developement team. Epic Integration:nozomi [Integration not found in source] New Integration Issue or pull request for creating a new integration package.

Comments

@cpascale43
Copy link

cpascale43 commented May 9, 2025
edited
Loading

Description

Nozomi Networks provides network and endpoint visibility & threat detection for OT/IoT. The integration should collect data from Nozomi's platform components - Vantage, Central Management Console (CMC) and Guardian via API. Access to a sample tenant is available on request.

Architecture

Following Nozomi's recommendations, integration can be built via CEF/syslog or using their Universal API. The integration should retrieve the following data types. Please see Nozomi's data model reference documentation for a full list of fields.

Alerts

  • Security and operational anomalies categorized by severity, type and affected assets

Assets

  • Inventory of discovered OT/IoT devices including classifications and network information - this should map to Elastic's asset inventory.

Asset Updates

  • Real-time changes to device configurations, only available for customers using CMC All-in-One and Vantage
  • Not supported in Guardian or CMC Multicontext deployments

NodeCVEs

  • Identified CVEs for specific nodes/devices in the network

Nodes

  • Individual devices and endpoints detected on the network

Health logs

  • System status information and performance metrics from Nozomi platform

Audit logs

  • Records of user activities and system configuration changes

Variables

  • Industrial control system process variables and parameters

Sessions

  • Live, mostly open, sessions between nodes. A session is a specific application-level connection between nodes. A link can hold one or more sessions at a given time
@cpascale43 cpascale43 added Epic New Integration Issue or pull request for creating a new integration package. Integration:nozomi [Integration not found in source] Crest Contributions from Crest developement team. labels May 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Crest Contributions from Crest developement team. Epic Integration:nozomi [Integration not found in source] New Integration Issue or pull request for creating a new integration package.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cpascale43