Intrusion Detection at the Edge for a Tier-1 Auto Supplier's OT Network
Overview
What this challenge is about.
Receive an anonymized network diagram for 1 plant, sample pcap (packet capture) traffic of Modbus + OPC UA + PROFINET flows, and a list of 10 known OT attack scenarios from MITRE ATT&CK for ICS. Design a Zeek + Suricata deployment at the IT/OT boundary and 3 cell-zone aggregation points. Author 8 OT-specific detection rules (asset scan, unauthorized Modbus function code, OPC UA unusual write, MITM via ARP, etc.). Produce a 3-plant pilot plan including sensor sizing, log routing to a central SIEM, and 90-day tuning plan. Deliver: 16-page detection design, Zeek + Suricata rule packs, 8-page pilot plan, and tuning runbook.
The Brief
What you'll do, and what you'll demonstrate.
Design a passive Zeek + Suricata IDS for a plant OT network with 8 OT-specific detections and a 3-plant pilot plan that doesn't touch PLCs.
Earning criteria — what you'll demonstrate
- Design passive IDS placement in a converged IT/OT network
- Author Zeek scripts and Suricata rules for Modbus, OPC UA, PROFINET
- Plan sensor sizing and log routing for plant environments
- Build a tuning plan that survives the OT change-control reality
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.