Recent Control & Safety Systems Discussions
Similar Posts
Unable to add parameter path to server subscription-Excel Addin.
Error Number: 9(9) Subscript out of range
Enable and disable alarms on a workstation based on which user is logged in
how to configure the PK controller to synchronize one NPT server
Enabling Windows server backup on Proplus
Share
  • Not Answered

how to enable WEF in DeltaV workstations and configure subscription server?

We are trying to setup a log server on the Emerson PIN network, we would like to collect DeltaV workstation/windows logs to be forwarded to this log server via a subscription server probably below the perimeter firewall.


Any help on how to enable windows event forwarder (WEF) on DeltaV workstations?

Appreciate your time in advance !

Best Regards,

Jai

Jai

3 Replies

  • Alexandre Peixoto
    Hi Jai,
    Emerson offers options to collect and forward events (including parsing of that information alongside potential network security monitoring as well) by means of our SIEM and NSM solutions (powered by McAfee).

    WEF requires WinRM which is disabled by DeltaV hardening following the CIS Benchmarks. This is a settings marked as NUC (not user customizable) in our hardening sheets and the impact to enable it would require a risk assessment related to cybersecurity posture of your system deployment.

    The SIEM option is fully supported by Emerson, and I always like to caution customers about the need to parse many of the events which are stored in the Windows events, but carry specifics to DeltaV that may not naturally translate easier on a foreign server. SIEM for DeltaV systems is always updated with the latest related information for DeltaV systems, hence the parsing work is reduced for you, and you have the advantage of embedded network security information if you choose to do so now or in the future.

    There is a "light" SIEM offering that may be suitable for your needs if indeed you want to use it as a simple collector and forwarder. Note that our SIEM provides the interfaces to be used as your full on management interface of logs coming from Windows nodes, network equipment, and ePO-generated events coming from Endpoint Security and Application Whitelisting applications you may have on your deployment.

    Sorry for the sales pitch, but may be worth considering if you haven't had a chance to review this option.

    Regards,

    Peixe
  • Jai

    In reply to Alexandre Peixoto:

    Hi Peixe, Thanks for your quick response. Could you explain a bit more about the light SIEM. I would like to understand more about its functions on Event collection and forwarding.
  • Alexandre Peixoto

    In reply to Jai:

    Here is a link to help you with intro information: www.emerson.com/.../service-data-sheet-security-information-event-management-pss-en-1524026.pdf

    SIEM50 is what I referred to as a "light SIEM"

    Please reach out to me so I can connect you with the right team to support with any further information on that.

    Alexandre.Peixoto@Emerson.com

    Peixe

This is the official online community site of the Emerson Global Users Exchange, a forum for the free exchange of non-proprietary information among the global user community of all Emerson Automation Solution's products and services. Our goal is to improve the efficiency and use of automation systems and solutions employed at members’ facilities by sharing our knowledge, experiences, and application information.

User Groups | World Areas | Community Guidelines | Legal Information | Privacy Policy | Contact Community Manager

Website translation provided by Website Translator

© 2015-2022 Emerson Global Users Exchange. All rights reserved.