
Implementing Dragos Platform for OT Monitoring

When to Use

  • When deploying an OT-specific network detection and response (NDR) solution for industrial environments
  • When needing threat-intelligence-driven detection against known ICS threat groups (VOLTZITE, CHERNOVITE, KAMACITE)
  • When building an OT SOC capability with purpose-built industrial security tooling
  • When requiring asset discovery and vulnerability management alongside threat detection in a single platform
  • When integrating OT security monitoring with an enterprise SIEM (Splunk, Sentinel, QRadar)

Do not use for IT-only network monitoring without ICS components, for endpoint detection and response (EDR) on OT workstations, or for environments standardized on Claroty or Nozomi (see respective skills).

Prerequisites

  • Dragos Platform license and deployment package
  • Network TAP or SPAN port at OT network boundaries (one sensor per monitored segment)
  • Dragos sensor hardware (physical appliance) or virtual appliance meeting minimum specifications
  • Firewall rules allowing sensor-to-Dragos-SiteStore communication (encrypted, outbound only from OT)
  • Dragos Knowledge Pack subscription for threat intelligence updates

Installs: 4
GitHub Stars: 6.3K
First Seen: Mar 16, 2026