Data Sources

Cyber Vision Sensor

The role of the Cyber Vision Sensor is the following:

• Collects Industrial Network Traffic: The sensor captures industrial network flows (passive) and queries devices (active). It stores data locally in case the server is not accessible.
• Decodes Common Industrial Protocols: Cyber Vision sensors understand most OT and IT communication protocols to analyze packet payloads and extract meaningful information.
• Sends Metadata to the Cyber Vision Server: The sensor sends metadata to the server for storage, analysis, and visualization. This only adds 3% to 5% extra traffic to the network.

Currently, the Data Sources interface consists of the following:

• PCAP: Use to upload packet capture (PCAP) data that is capturing network traffic from your OT network.
• Sensor Application: Use to add Cisco Cyber Vision sensor application to your network devices.

Onboarding a sensor (network device)

Onboarding consists of enrolling a sensor (asset). A sensor is a physical machine of the industrial network such as a switch or IR network device. Currently, Cisco Cyber Vision can enroll EDM-managed (Edge Device Manager) IR1101 models or externally-managed switches IE33xx or IE34xx (not managed by EDM).

To enroll an IR1101, see Onboarding an EDM-Managed Device.

To enroll an IE, see Onboarding an Externally-Managed Device.

Sensor Application Management

Once onboarded, manage the sensors from the Sensor Application menu. Click Data Sources > Sensor Application.