Portaledge: Availability Event Class

From SCADApedia


The Availability Event Class in Portaledge comprises events that are triggered when a system, device or network has an availability issue or is on its way to having one. This event class monitors systems and devices on the control system network for utilization (e.g. CPU, memory, network), performance and availability. An elevation in utilization may indicate an attack or an increase in activity on the network, while a decrease in performance or availability may be a symptom of failing hardware or inappropriate use.

Events will detect when systems or devices exceed a threshold that indicates an availability event has occurred. There are also events in the Availability Event Class that identify when system or device utilization has increased or decreased by a significant level even though the availability threshold has not been exceeded. These performance degradation events are important because many control systems are built with large excess capacity, so even a 10x increase would not trigger an availability threshold event, but it could represent an attack in progress or new, anomalous activity.


Events

Computer System Availability Event

Definition: The Computer System Availability Event will trigger an alert when one of the triggers reaches a threshold. Each trigger will have a threshold that the administrator may configure.

Triggers

  • CPU Utilization: This trigger will raise an alarm if the average CPU usage over the past 5 minutes has reached the threshold.
  • Memory Utilization: This trigger will raise an alarm if the average memory usage over the past 5 minutes has reached the threshold.
  • Hard Disk Space: This trigger will raise an alarm if the percentage of free hard disk space has reached the threshold.
  • Network Bandwidth: This trigger will raise an alarm if the average number of packets over the past 5 minutes has reached the threshold.
  • Network Latency: This trigger will raise an alarm if the average network latency over the past 5 minutes has reached the threshold.

Interfaces

  • Ping: Used to determine network latency.
  • TCP Response: Used to determine network latency.
  • Windows Performance Monitor: Used on Windows systems to determine CPU utilization, memory utilization, hard disk space, network bandwidth.
  • SNMP: Used on Linux systems to determine CPU utilization, memory utilization, hard disk space, network bandwidth.

Network Device Availability Event

Definition: The Network Device Availability Event will trigger an alert when one of the triggers reaches a threshold. Each trigger will have a threshold that the administrator may configure.

Triggers

  • CPU Utilization: This trigger will raise an alarm if the average CPU usage over the past 5 minutes has reached the threshold.
  • Memory Utilization: This trigger will raise an alarm if the average memory usage over the past 5 minutes has reached the threshold.
  • Network Bandwidth: This trigger will raise an alarm if the average number of packets over the past 5 minutes has reached the threshold.
  • Network Latency: This trigger will raise an alarm if the average network latency over the past 5 minutes has reached the threshold.

Interfaces

  • Ping: Used to determine network latency.
  • TCP Response: Used to determine network latency.
  • SNMP: Used to determine CPU utilization, memory utilization, hard disk space, network bandwidth.

Field Device Availability Event

Definition: The Field Device Availability Event will trigger an alert when one of the triggers reaches a threshold. Each trigger will have a threshold that the administrator may configure.

Triggers

  • CPU Utilization: This trigger will raise an alarm if the average CPU usage over the past 5 minutes has reached the threshold.
  • Memory Utilization: This trigger will raise an alarm if the average memory usage over the past 5 minutes has reached the threshold.
  • Network Bandwidth: This trigger will raise an alarm if the average number of packets over the past 5 minutes has reached the threshold.
  • Network Latency: This trigger will raise an alarm if the average network latency over the past 5 minutes has reached the threshold.

Interfaces

  • Ping: Used to determine network latency.
  • TCP Response: Used to determine network latency.
  • SNMP: Used to determine CPU utilization, memory utilization, hard disk space, network bandwidth.

Performance Degradation Event

Definition: The Performance Degradation Event will trigger an alert when the load on one of the triggers is significantly greater than the previous day's load at the same time.

Triggers

  • CPU Utilization: This trigger will raise an alarm if the average CPU usage over the past 5 minutes is significantly greater than the CPU usage 24 hours earlier.
  • Memory Utilization: This trigger will raise an alarm if the average memory usage over the past 5 minutes is significantly greater than the memory usage 24 hours earlier.
  • Hard Disk Space: This trigger will raise an alarm if the percentage of free hard disk space is significantly less than the percentage of free disk space 24 hours earlier.
  • Network Bandwidth: This trigger will raise an alarm if the average number of packets over the past 5 minutes is significantly greater than the number of packets 24 hours earlier.
  • Network Latency: This trigger will raise an alarm if the average network latency over the past 5 minutes is significantly greater than the network latency 24 hours earlier.

Interfaces

  • Ping: Used to determine network latency.
  • TCP Response: Used to determine network latency.
  • Windows Performance Monitor: Used on Windows systems to determine CPU utilization, memory utilization, hard disk space, network bandwidth.
  • SNMP: Used on Linux systems to determine CPU utilization, memory utilization, hard disk space, network bandwidth.
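The difference between a threshold-based availability event and the Performance Degradation Event, as an added example that is not part of Portaledge. The function names, the sample data and the 3x ratio standing in for "significantly" are assumptions; the page does not give a figure.

```python
from statistics import mean

WINDOW_S = 5 * 60        # the page's triggers average over the past 5 minutes
DAY_S = 24 * 60 * 60     # degradation compares with the same time 24 hours earlier
RATIO = 3.0              # assumption: the page does not quantify "significantly"


def window_avg(samples, end_ts):
    """Mean of (timestamp, value) samples in the 5-minute window ending at end_ts."""
    vals = [v for ts, v in samples if end_ts - WINDOW_S < ts <= end_ts]
    return mean(vals) if vals else None


def evaluate(samples, now, threshold, lower_is_worse=False, ratio=RATIO):
    """Return the events one trigger raises at `now`.

    lower_is_worse=True models Hard Disk Space (percentage free), where the
    alarm direction is inverted relative to CPU, memory, packets and latency.
    """
    current = window_avg(samples, now)
    baseline = window_avg(samples, now - DAY_S)
    events = []
    if current is None:
        return events                      # no fresh samples, nothing to compare
    crossed = current <= threshold if lower_is_worse else current >= threshold
    if crossed:
        events.append("availability")
    if baseline:                           # skip when baseline is missing or zero
        changed = (current * ratio <= baseline if lower_is_worse
                   else current >= baseline * ratio)
        if changed:
            events.append("performance_degradation")
    return events


def constructed_series(now, yesterday_value, today_value, step_s=30):
    """Constructed sample data: one reading every step_s seconds in each window."""
    offsets = range(0, WINDOW_S, step_s)
    return ([(now - DAY_S - o, yesterday_value) for o in offsets]
            + [(now - o, today_value) for o in offsets])


NOW = 1_700_000_000  # constructed timestamp
# CPU on an over-provisioned server: 4% yesterday, 40% now, threshold 90%.
CPU_EVENTS = evaluate(constructed_series(NOW, 4.0, 40.0), NOW, threshold=90.0)
# Free disk space: 60% yesterday, 15% now, threshold 10% free.
DISK_EVENTS = evaluate(constructed_series(NOW, 60.0, 15.0), NOW,
                       threshold=10.0, lower_is_worse=True)
```

In both constructed cases the availability threshold is never reached, yet the comparison with the previous day raises an event, which is the 10x situation the introduction describes.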

Simple Network Availability Event

Definition: This event will trigger if a system becomes non-responsive to network requests.

Triggers

  • Network Availability: This trigger will raise an alarm if the system no longer responds to network requests.

Interfaces

  • Ping: Used to determine whether a system is available on the network.
  • TCP Response: Used to determine whether a system is available on the network.

Failover Event

Definition: This event will trigger if two systems are set up in a redundant pair and one system fails over to the redundant system.

Triggers

  • Currently undetermined

Interfaces

  • Currently undetermined

Related Pages

Portaledge

Portaledge Event Taxonomy
