implementing-ot-network-traffic-analysis-with-nozomi
Installation
SKILL.md
Implementing OT Network Traffic Analysis with Nozomi
When to Use
- When deploying passive OT network monitoring using Nozomi Networks Guardian sensors
- When requiring asset visibility without active scanning in sensitive ICS environments
- When building a Nozomi-based OT SOC with centralized management via Vantage or CMC
- When integrating OT network monitoring with Fortinet, Splunk, or ServiceNow ecosystems
- When monitoring compliance with IEC 62443 network segmentation policies
Do not use for active vulnerability scanning of OT devices (see performing-ot-vulnerability-scanning-safely), for environments standardized on Dragos (see implementing-dragos-platform-for-ot-monitoring), or for IT-only network monitoring.
Prerequisites
- Nozomi Networks Guardian sensor (hardware, VM, or container)
- Network TAP or SPAN port configured on monitored OT network segments
- Nozomi Vantage (cloud) or Central Management Console for multi-sensor management
- Nozomi Threat Intelligence subscription for updated detection signatures
- Network architecture documentation for sensor placement planning