Home
Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
Administrator Guide
Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
Administration
Organization Settings
Contents Management
Use the Contents Management page to view, create, and manage detection content across the organization. Tabs organize content types such as packet rules, Yara rules, and Sigma rules. This interface helps streamline the application of threat detection logic in Vantage.
Sigma Rules
Sigma rules provide a standardized format for describing detection logic based on event logs. Use this page to manage Sigma rules that identify suspicious activity across log sources. These rules support consistent threat detection across heterogeneous environments.

Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
- Introduction
  An overview of Vantage.
- Administrator Guide
  Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - System
    - Teams
    - Organization Settings
      - Updates
        The Updates page gives you access to configuration tabs for update policies and to schedule updates.
      - Features
        The Features page lets you configure Vantage to show, or hide, experimental and preview features for the selected organization.
      - Sensors Synchronization Settings
        The Settings Synchronization Settings (Sync) page shows the settings that this sensor inherits from its organization.
      - Tags
        The Tags page lets you assign tags to assets for access management purposes. This lets you constrain role assignments into a specific tag.
      - Zone Configurations
        The Zone Configurations page shows all the zone configurations in your organization, and lets you add new ones.
      - Imports
        The Imports page lets you see the list of imported hardware configuration, or project files, from which asset information is extracted.
      - Asset Rules
        The Asset Rules page shows all the asset rules in your organization, and lets you add new ones.
      - Security Control Panel
        The Security Control Panel allows administrators to configure security settings across the organization.
      - Custom Fields
        The Custom Fields page lets you enrich the schema of assets and nodes, and propagate the information to every sensor.
      - Alert Close Options
        The Alert Close Options page lets you define custom explanations for closing an alert.
      - Alert Playbooks
        The Alert Playbooks page lets you define templates to follow to manage alerts. An alert playbook defines custom content that instructs alert operators, and other users, how to manage various types of alerts. Playbooks are associated with alerts that match criteria specified in an alert rule. When a matching alert is raised, the playbook's content is included on the new alert's Details page. You and your team can update this content to record progress and take notes particular to this alert.
      - Alert Rules
        The Alert Rules page shows all the alert rules that you have defined, and lets you add new ones.
      - Contents Management
        Use the Contents Management page to view, create, and manage detection content across the organization. Tabs organize content types such as packet rules, Yara rules, and Sigma rules. This interface helps streamline the application of threat detection logic in Vantage.
        Packet Rules
        Packet rules identify network traffic patterns and enable detection of specific behaviors or threats. Use this page to review, enable, disable, or add custom packet rules. Actions help tailor detection capabilities across the monitored environment.
        Yara Rules
        Yara rules define patterns to identify malware or suspicious files based on textual or binary signatures. Use this page to view, update, and manage Yara detection logic across your organization. These rules match known indicators within file content to enhance threat detection.
        Sigma Rules
        Sigma rules provide a standardized format for describing detection logic based on event logs. Use this page to manage Sigma rules that identify suspicious activity across log sources. These rules support consistent threat detection across heterogeneous environments.
        Stix Indicators
        Stix indicators provide structured threat intelligence data to support automated detection of malicious activity. Use this page to view and manage indicators sourced from known attack patterns and threat actor behaviors. These indicators enhance visibility into emerging threats across your network.
        Scriptable Protocols
        Scriptable protocols allow custom protocol behavior to be defined through scripting for specialized network communication. Use this page to view and manage uploaded scriptable protocol definitions. This enables flexible parsing and monitoring of non-standard or proprietary protocols in Vantage.
      - Integrations
        The Integrations page lets you use one of the available applications to connect an organization with a third-party application.
      - Traffic Replays
        The Traffic Relays page lets you load demonstration data into your environment so that you can test various features and explore Vantage. Nozomi Networks provides several traffic replays, which demonstrate different scenarios, such as an OT-focused Power Station attack.
      - CLI
        The CLI page lets you select sensors and use the text field to enter a command to execute. Vantage shows the output of sensors in the web UI.
      - Migration tasks
        The Migration tasks page lets you update your Vantage instance and downstream sensors to adapt to changes in new versions of N2OS.
      - Audit Logs
        The Audit Logs page shows detailed operational information about your sensors and the activities that they monitor.
      - Backup Schedules
        The Backup Schedules page lets you manage, view, add, edit, and delete backup schedules.
      - Upload Traces
        The Upload Traces page lets you upload a trace, or packet capture (pcap) file, that is related to the active organization.
  - Migration
  - SAML integration
- User Guide
  Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
- Print format documentation
  A list of all the print-format documentation that is available for Vantage.

Sigma Rules

Sigma rules provide a standardized format for describing detection logic based on event logs. Use this page to manage Sigma rules that identify suspicious activity across log sources. These rules support consistent threat detection across heterogeneous environments.

Refresh

The Refresh icon lets you immediately refresh the current view.

Live

The Live toggle lets you change live view on, or off. When live mode is on, the page will refresh periodically.

Add

The Add button lets you add new content.