Performing ICS Asset Discovery with Claroty

When to Use

• When gaining initial visibility into an OT environment with unknown or poorly documented assets
• When preparing for an IEC 62443 risk assessment requiring a complete asset inventory
• When onboarding Claroty xDome into a brownfield industrial environment
• When validating existing asset inventory against actual network communications
• When identifying shadow OT devices or unauthorized connections in the control network

Do not use for IT-only asset discovery (use tools like Nessus or Qualys), for active scanning of sensitive PLC networks without vendor approval, or for environments where Claroty is not the deployed platform (see implementing-ot-network-traffic-analysis-with-nozomi).

Prerequisites

• Claroty xDome SaaS subscription or on-premises deployment
• Network TAP or SPAN port configured at OT network boundaries (Levels 1-3 of Purdue Model)
• Claroty Edge collector deployed for safe active querying of hard-to-reach network segments
• Integration credentials for CMDB tools (ServiceNow, BMC) if used
• Network architecture diagram showing VLANs, switches, and firewall zones