Home
Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
Administrator Guide
Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
Administration
Organization Settings
Security Control Panel
The Security Control Panel allows administrators to configure security settings across the organization.

Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
- Introduction
  An overview of Vantage.
- Administrator Guide
  Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - System
    - Teams
    - Organization Settings
      - Updates
        The Updates page gives you access to configuration tabs for update policies and to schedule updates.
      - Features
        The Features page lets you configure Vantage to show, or hide, experimental and preview features for the selected organization.
      - Sensors Synchronization Settings
        The Settings Synchronization Settings (Sync) page shows the settings that this sensor inherits from its organization.
      - Tags
        The Tags page lets you assign tags to assets for access management purposes. This lets you constrain role assignments into a specific tag.
      - Zone Configurations
        The Zone Configurations page shows all the zone configurations in your organization, and lets you add new ones.
      - Imports
        The Imports page lets you see the list of imported hardware configuration, or project files, from which asset information is extracted.
      - Asset Rules
        The Asset Rules page shows all the asset rules in your organization, and lets you add new ones.
      - Security Control Panel
        The Security Control Panel allows administrators to configure security settings across the organization.
      - Custom Fields
        The Custom Fields page lets you enrich the schema of assets and nodes, and propagate the information to every sensor.
      - Alert Close Options
        The Alert Close Options page lets you define custom explanations for closing an alert.
      - Alert Playbooks
        The Alert Playbooks page lets you define templates to follow to manage alerts. An alert playbook defines custom content that instructs alert operators, and other users, how to manage various types of alerts. Playbooks are associated with alerts that match criteria specified in an alert rule. When a matching alert is raised, the playbook's content is included on the new alert's Details page. You and your team can update this content to record progress and take notes particular to this alert.
      - Alert Rules
        The Alert Rules page shows all the alert rules that you have defined, and lets you add new ones.
      - Contents Management
        Use the Contents Management page to view, create, and manage detection content across the organization. Tabs organize content types such as packet rules, Yara rules, and Sigma rules. This interface helps streamline the application of threat detection logic in Vantage.
      - Integrations
        The Integrations page lets you use one of the available applications to connect an organization with a third-party application.
      - Traffic Replays
        The Traffic Relays page lets you load demonstration data into your environment so that you can test various features and explore Vantage. Nozomi Networks provides several traffic replays, which demonstrate different scenarios, such as an OT-focused Power Station attack.
      - CLI
        The CLI page lets you select sensors and use the text field to enter a command to execute. Vantage shows the output of sensors in the web UI.
      - Migration tasks
        The Migration tasks page lets you update your Vantage instance and downstream sensors to adapt to changes in new versions of N2OS.
      - Audit Logs
        The Audit Logs page shows detailed operational information about your sensors and the activities that they monitor.
      - Backup Schedules
        The Backup Schedules page lets you manage, view, add, edit, and delete backup schedules.
      - Upload Traces
        The Upload Traces page lets you upload a trace, or packet capture (pcap) file, that is related to the active organization.
  - Migration
  - SAML integration
- User Guide
  Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
- Print format documentation
  A list of all the print-format documentation that is available for Vantage.

Security Control Panel

The Security Control Panel allows administrators to configure security settings across the organization.

Figure 1. Security Control Panel page

Security Profile

Choose an option to determine which alerts are generated on Sensors:

Low
Medium
High
Paranoid

Network Learning

Configure how the system:

Learns network activity
Detects anomalies
Applies security measures

Learning scope: Choose an option to determine what the system should focus on:

Adaptive Learning (default): This option establishes a global baseline for the protected environment, and notifies you about deviations. For instance, it triggers an alert if the system detects a node in the network with a previously unseen media access control (MAC) vendor.
Strict: This option establishes individual baselines for each network entity and notifies you of every change. For example, it triggers an alert whenever a new node appears in the network, or when two nodes start communicating.

Note:

The Strict approach is suitable for static networks, where the conditions rarely change and the nodes have fixed addresses. In all other situations, this mode will cause too many alerts, especially in networks with dynamic addressing. In a typical installation, we recommend that you use the default approach, and only enable the strict mode in zones with static addressing through the Zone configurations settings.

Phase switching: Choose an option to determine whether switching between learning and protection modes happens manually or automatically:

Manual
Dynamic

Current phase: Choose an option to determine whether the engine is learning or alerting on deviations:

Learning
Protecting

Learning phase duration: Specifies the duration before a baseline is finalized.

Process Learning

Process learning enables the system to detect and alert on changes in process behavior, enhancing security monitoring.

Alert on new variables: Select to raise alerts when the system detects the introduction of new process-related variables that were not previously observed.

Alert on new values: Select to generate alerts when the system detects a significant change in process values, indicating a potential anomaly.

Dynamic flow control: Select to trigger alerts when the system detects irregular patterns in cyclic access (read or write operations) to process variables.