TAGSIA.COM
Monitoring Config SOP
Automated Availability & Heartbeat Configuration
Doc ID: TAG-OT-SOP-04
Category: Detect Phase
Rev: 1.1
Category: Detect Phase
Rev: 1.1
1. IMPORT FROM ASSET INVENTORY
To maintain a “Single Source of Truth,” do not manually create devices. Use the Auto-Discovery or CSV Import feature in the monitoring tool to pull these mandatory fields:
- Device Name: Must match Master Inventory (e.g.,
AMS-PLC-01). - IP Address: Static IP verification is mandatory before deployment.
- Grouping: Assign to ‘Critical OT’ (CAT II/III) or ‘Infrastructure’.
2. THE “LAZY HEARTBEAT” SENSOR
Legacy PLC CPUs can be disrupted by high-frequency ICMP polling. The following “Lazy Heartbeat” settings are mandatory for all CAT III assets:
Polling Interval: 60 Seconds
Timeout Limit: 5 Seconds
Retries: 3 (Consecutive)
Timeout Limit: 5 Seconds
Retries: 3 (Consecutive)
3. ALERT THRESHOLDS
| Condition | Severity | Action Required |
|---|---|---|
| 3 Consecutive Pings Failed | CRITICAL | Immediate Physical Check of IACS Rack |
| Latency > 200ms (Internal) | WARNING | Investigate Broadcast Storm / Loop |
| New MAC on Managed Port | SECURITY | Execute Rogue Device Response (CHK-07) |
ETO Note: If the Asset Inventory changes (e.g., new sensor or screen installation), update the Master Asset Inventory first. The monitoring tool should be set to re-sync every 24 hours to ensure audit trail integrity.
