SCADA Logging: See Every Change, Stop Insider Threats!
Zakhar Bernhardt
ICS/OT Cybersecurity Expert | Labshock & Patented NVIDIA AI IDS & 1st OT SIEM Creator | 10k+ Followers | Pentesting & SOC
Labshock 1.4.1 – SCADA Logging Update
Labshock 1.4.1 introduces SCADA logging, making it easier to collect and analyze events from FUXA SCADA. With this update, you can track user actions, system changes, and project modifications in real time. Logs are sent via Syslog to Tidal Collector, where they can be viewed through a simple and powerful web interface.
Why is SCADA Logging Important?
Insider threats are one of the biggest risks in OT environments. Many issues don’t come from external hackers but from operators, engineers, vendors and contractors, whether by accident or on purpose.
Unlike external attacks, insider threats don’t require phishing, malware, or lateral movement. Insiders already have direct access.
The best protection? Centralized monitoring. If changes, logins, and system edits are tracked, people think twice before attempting to hide actions. SCADA logging helps you see what’s changing, correlate events and stop problems before they escalate.
This guide walks you through a SCADA logging demo.
Let’s get started!
Update Labshock
enable SCADA logging
Getting Labshock up and running is simple. You only need Docker, Docker Compose, and, optionally, Git installed on your system. No extra libraries or tools are required.
Check GitHub for the update process -> Labshock repo
And give it a star; your feedback helps a lot, thanks!
The update process is as simple as possible.
Collecting Logs from SCADA
what's new in Labshock
I developed Syslog logging for FUXA SCADA, allowing it to send logs to external systems. I also updated the web interface to include logging settings, making it easier to enable and configure log collection. This update integrates with Tidal Collector, providing a user-friendly way to view and analyze SCADA logs in real time.
And thanks a lot to the Frangoteam team for such a cool tool!
1. Login to SCADA
2. Enable Logging
3. Check Logs in Tidal Collector
Tracking User Creation Logs
let's check a user creation example
I added logging for user creation events in FUXA SCADA, ensuring that every new account creation is recorded and sent via Syslog. With integration into Tidal Collector, users can easily track and review account creation events through a web interface, improving visibility and security monitoring.
1. Creating a New User in SCADA
2. Logging User Creation Events
3. Viewing Logs in Tidal Collector
Tracking Project Changes
now they know that you know
I added logging for project changes in FUXA SCADA, capturing edits, device updates, and configuration changes. Logs with user details and timestamps are sent via Syslog to Tidal Collector, allowing real-time tracking through its web interface.
1. Making Changes to a SCADA Project
2. Logging Project Modifications
3. Viewing Logs in Tidal Collector
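One way to correlate the user-creation and project-change logs described above once they reach a collector. This is an added example, not Labshock, FUXA or Tidal Collector code; the log lines are constructed, and the key=value message layout and event names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in RFC 5424 syslog framing. The key=value message
# body and the event names are assumptions for this example; the page does not
# show the exact format FUXA emits.
SAMPLE_LOGS = [
    "<134>1 2025-03-10T08:01:12Z scada fuxa - - - event=login user=operator1",
    "<134>1 2025-03-10T08:05:40Z scada fuxa - - - event=user_create user=admin target=temp_eng",
    "<134>1 2025-03-10T08:07:03Z scada fuxa - - - event=login user=temp_eng",
    "<134>1 2025-03-10T08:09:55Z scada fuxa - - - event=project_change user=temp_eng target=device:PLC1",
    "<134>1 2025-03-10T14:30:00Z scada fuxa - - - event=project_change user=operator1 target=view:Main",
]

HEADER = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ - (.*)$")

def parse(line):
    """Split one syslog line into a dict, or return None if it is malformed."""
    m = HEADER.match(line)
    if not m:
        return None
    pri, ts, host, app, msg = m.groups()
    try:
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in msg.split() if "=" in kv)
    return {"time": when, "host": host, "app": app, "severity": int(pri) % 8, **fields}

def find_alerts(lines, window=timedelta(minutes=30)):
    """Return (rule, actor, detail) tuples for events worth an analyst's look."""
    created = {}  # new account name -> creation time
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            alerts.append(("unparsed_line", "-", line))  # never drop silently
            continue
        kind, actor, target = ev.get("event"), ev.get("user"), ev.get("target")
        if kind == "user_create":
            created[target] = ev["time"]
            alerts.append(("user_create", actor, target))
        elif kind == "project_change" and actor in created:
            # Project edits from an account created minutes earlier deserve review.
            if ev["time"] - created[actor] <= window:
                alerts.append(("change_by_new_account", actor, target))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOGS):
        print(alert)
```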
Conclusion
Labshock makes it easy to practice and understand SCADA logging
SCADA logging is a simple but powerful way to improve visibility and security in OT environments. By enabling logging in SCADA and integrating it with Tidal Collector, you can track user actions, detect unauthorized changes and respond to insider threats before they cause harm.
- Monitor logins, project edits and user management events
- Correlate actions across SCADA, PLCs, and other OT systems
- Ensure accountability by making changes traceable
The same principles apply to all SCADA and HMI systems, not just Oilsprings. Logging user actions, tracking configuration changes, and integrating with a central collector enhance security and visibility across any industrial environment.
Try it out, and let me know your thoughts!
Put a Like, a Star and a Coffee.