Dragos
OT Network Traffic Validation Steps for Dragos Sensors
Pages: 4
Time to read: 4 mins
Publication
Language: English
This guide provides detailed steps for validating operational technology (OT) network traffic in Cisco environments prior to connecting Dragos Sensors. It outlines essential actions such as ensuring compliance with change control processes, verifying network topology diagrams, and confirming that the Switched Port Analyzer (SPAN) session is correctly configured. The document emphasizes the importance of capturing and analyzing packets to ensure that the correct traffic is mirrored, and it includes specific commands for connecting to the switch, displaying current SPAN configurations, and verifying session details. Additionally, it describes the use of packet analysis tools like Wireshark to capture and analyze traffic, ensuring that all expected traffic types are being monitored. The guide concludes with recommendations for documenting the SPAN session configuration and sharing findings with relevant stakeholders, thereby maintaining accurate records of the configuration and analysis process.