The SIEM system breaks the incoming syslog messages down into individual elements and
assigns these elements to an event of their own within the SIEM system. Within this event,
the SIEM system analyzes whether the individual syslog messages are related. In this way,
the SIEM system detects possible attack vectors and, if necessary, informs the user, e.g. in the
event of multiple attacks at several points in the system.
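The processing described above, as an added example that is not taken from the manual or from any SIEM product: it breaks syslog messages into their elements and flags one message ID reported by several senders within a short time window. It assumes the RFC 5424 layout; the host names, message IDs and the thresholds (60 seconds, two senders, severity warning or worse) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: RFC 5424 layout is assumed; host names, app name
# and message IDs are invented for this example, not taken from the manual.
SAMPLE = [
    "<84>1 2024-01-15T08:00:01Z cpu-1 plc - LOGON_FAILED - Login failed",
    "<84>1 2024-01-15T08:00:20Z cpu-2 plc - LOGON_FAILED - Login failed",
    "<86>1 2024-01-15T08:00:25Z cpu-1 plc - LOGON_OK - Login succeeded",
    "<84>1 2024-01-15T09:30:00Z cpu-3 plc - CFG_CHANGED - Configuration changed",
    "not a syslog line",
]

# Header fields of RFC 5424; structured data is matched only in simple form.
LINE = re.compile(
    r"<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) ?(?P<msg>.*)"
)

def parse(line):
    """Break one syslog message into its elements; None if it does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    except ValueError:
        return None
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    return {"facility": pri // 8, "severity": pri % 8, "ts": ts,
            "host": m["host"], "msgid": m["msgid"], "msg": m["msg"]}

def correlate(records, window=timedelta(seconds=60), min_hosts=2, max_severity=4):
    """Alert when min_hosts senders report one message ID within the window."""
    by_id = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["severity"] <= max_severity:  # lower number = more severe
            by_id[r["msgid"]].append(r)
    alerts = []
    for msgid, recs in by_id.items():
        start = 0
        for end, r in enumerate(recs):
            while r["ts"] - recs[start]["ts"] > window:
                start += 1  # drop messages that fell out of the window
            hosts = sorted({x["host"] for x in recs[start:end + 1]})
            if len(hosts) >= min_hosts:
                alerts.append({"msgid": msgid, "hosts": hosts})
                break  # one alert per message ID
    return alerts
```

Calling `correlate([r for r in map(parse, SAMPLE) if r])` yields a single alert for the failed logons seen on two senders; the lone configuration change and the informational message raise none.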
① CPUs
② Syslog messages
③ Syslog server, e.g. SINEC INS
④ SIEM system
⑤ Notify user
Figure 4-2 Forwarding and processing of syslog messages
More information
More information on network management with SINEC INS is available in the "SIMATIC NET:
Network management SINEC INS V1.0 SP2"
(https://support.industry.siemens.com/cs/us/en/view/109781023) manual.
You can find information on the structure of syslog messages in the Structure of the Syslog
messages (Page 59) section.
S7-1500R/H redundant system
System Manual, 01/2024, A5E41814787-AF
Industrial cybersecurity
4.9 Secure operation of CPUs