World of Labshock — Integration Directory
Industrial Integrations
The operational backbone of the Labshock ecosystem. PLC runtimes, SCADA platforms, SIEM systems, collectors, routers, IDS sensors, and industrial infrastructure components powering OT environments.
PlatformLabshock
PlatformLabshock
PlatformLabshock
PlatformLabshock
PLCLabshock
PentestLabshock
IDSLabshock
CollectorLabshock
RouterLabshock
EWSLabshock
TransferLabshock
PLCOpenPLC Project
SCADAFUXA
SIEMSplunk
SIEMElastic
IDSZeek Project16 INTEGRATIONS — OT SECURITY REQUIRES ECOSYSTEM VISIBILITY
World
Licensing, identity, and progression orchestration.
Type: platform
Vendor: Labshock
Protocols: HTTPS, JWT, REST API
World is the central orchestration layer of the Labshock ecosystem, responsible for identity management, licensing validation, progression tracking, and platform-wide authentication. It acts as the authoritative source of truth for user state across all Labshock components, ensuring consistent access control across Portal instances, labs, and distributed deployments. World maintains persistent identity and progression data that synchronizes across local and remote environments, enabling a unified user state across the entire platform. It issues cryptographically signed license tokens that define user entitlements, capabilities, progression levels, and feature access across the ecosystem. These tokens allow secure offline and online validation while preserving consistent access control across distributed Labshock deployments. In addition, World exposes a REST and JWT-based API layer used by Portal, Builder, and Command Center to validate sessions, resolve permissions, and synchronize ecosystem metadata.
Portal
Local OT operations hub and progression interface.
Type: platform
Vendor: Labshock
Protocols: HTTPS, WebSocket, REST API
Portal is the primary operational interface of the World of Labshock platform, acting as the local execution and visualization layer for industrial environments. It provides a unified workspace where users can launch labs, interact with SCADA-style visualizations, inspect industrial processes, monitor protocol traffic, and manage progression across the Labshock ecosystem. Portal maintains a persistent connection to both local simulation infrastructure and the World orchestration layer, synchronizing user state, lab configuration, and environment metadata in real time. Through WebSocket-based streaming, Portal delivers live industrial telemetry including PLC state changes, network events, and system alerts, enabling real-time interaction with OT environments rather than static simulation views. It also serves as the integration point for all Labshock services, including Builder deployments, Command Center monitoring, and external tool connections such as SIEM and IDS systems. Designed to operate both online and offline, Portal can function as a standalone industrial training environment while also scaling into distributed multi-user OT simulation.
Builder
Infrastructure engine for constructing industrial labs.
Type: platform
Vendor: Labshock
Protocols: Docker, Compose
Builder is the infrastructure orchestration engine responsible for generating, configuring, and deploying Labshock industrial environments. It transforms abstract lab definitions into fully operational cyber-physical simulations by automatically provisioning containers, network segments, services, and industrial protocol mappings. Builder manages the full lifecycle of an industrial environment, including initialization, topology construction, service orchestration, runtime configuration, and teardown. It dynamically creates segmented OT network architectures, simulating IT, DMZ, and OT zones with configurable routing, isolation rules, and industrial traffic behavior. Through Docker and Compose-based execution layers, Builder ensures reproducible deployment of complex multi-service industrial systems such as PLC runtimes, SCADA interfaces, IDS sensors, and telemetry pipelines. Each lab build is deterministic, allowing identical industrial environments to be instantiated across local machines, distributed training setups, or cloud-based Labshock deployments. Builder acts as the translation layer between Labshock environment definitions and real execution infrastructure, enabling industrial simulations to behave consistently regardless of underlying hardware.
Command Center
Operational visibility into users, progression, and ecosystem activity.
Type: platform
Vendor: Labshock
Protocols: HTTPS, REST API
Command Center is the central monitoring and analytics layer for user progression within the Labshock ecosystem. It tracks user activity across labs, including experience points (XP), levels, completed guides, quests, badges, and achievement milestones. All progression data is aggregated from Portal, World, and execution environments to form a unified view of user development across the platform. The system enables real-time visibility into learning progression across industrial, security, and documentation tracks, while also capturing engagement patterns such as lab completion rates and quest performance. Instead of focusing on infrastructure telemetry, Command Center translates system interaction into structured progression and skill development data.
ShockPLC
Industrial PLC runtime supporting multiple OT protocols.
Type: plc
Vendor: Labshock
Protocols: Modbus TCP, S7comm, EtherNet/IP, DNP3
ShockPLC is the industrial PLC runtime of the Labshock ecosystem, designed to execute control logic with high-fidelity protocol realism and multi-vendor behavior emulation. It provides a runtime environment where PLC programs are executed while simultaneously exposing industrial communication protocols such as Modbus TCP, Siemens S7, EtherNet/IP, and DNP3. This allows realistic interaction between control logic, field devices, and external simulation systems. ShockPLC is designed for OT training, detection engineering, and industrial attack simulation, enabling users to observe how control logic behaves under normal operation and adversarial conditions within a fully instrumented environment.
Pentest Fury
Industrial protocol penetration testing framework.
Type: pentest
Vendor: Labshock
Protocols: Modbus TCP, S7comm, DNP3, EtherNet/IP
Pentest Fury is the offensive security and industrial penetration testing framework of the Labshock ecosystem, designed specifically for ICS and OT environments. It provides a structured environment for scanning, enumeration, fuzzing, and protocol-level interaction across industrial systems such as SCADA networks and PLC-controlled processes. Users can analyze network topology, identify exposed services, and interact directly with industrial protocols at a low level. The framework includes ICS-specific tooling for traffic manipulation and protocol exploitation, enabling controlled security testing against industrial systems without disrupting the simulation environment.
Network Swiftness
OT network visibility and industrial traffic analysis.
Type: ids
Vendor: Labshock
Protocols: Modbus TCP, S7comm, DNP3, Syslog
Network Swiftness is the intrusion detection and network visibility system of the Labshock ecosystem, designed specifically for industrial control and OT environments. It continuously monitors network traffic between SCADA systems, PLCs, and industrial devices, providing real-time analysis of communication patterns, protocol behavior, and system interactions across the OT network layer. The system performs deep packet inspection and protocol-aware analysis to detect unauthorized access, suspicious communication patterns, and deviations from expected industrial behavior. It supports rule-based detection for known threat signatures as well as anomaly detection for identifying unusual activity in industrial processes. Network Swiftness also generates structured event logs and alerts, enabling further investigation and correlation with other Labshock systems such as Command Center and Tidal Collector.
Tidal Collector
Industrial telemetry pipeline into SIEM platforms.
Type: collector
Vendor: Labshock
Protocols: Syslog, HEC, REST API
Tidal Collector is the telemetry ingestion, aggregation, and forwarding layer of the Labshock ecosystem, responsible for collecting operational and security data from across industrial environments. It gathers logs, events, and network signals from PLCs, SCADA systems, IDS components such as Network Swiftness, and other Labshock services. This includes protocol-level events, system alerts, and operational state changes generated during lab execution. Before forwarding data to external SIEM platforms or OT analytics systems, Tidal Collector normalizes and enriches incoming telemetry into structured formats compatible with tools such as Splunk and Elasticsearch, ensuring consistency across heterogeneous industrial data sources. The system also provides filtering and noise reduction capabilities, allowing irrelevant or redundant signals to be removed while preserving security-relevant and operationally meaningful events.
Surge Router
Industrial routing, segmentation, and traffic filtering.
Type: router
Vendor: Labshock
Protocols: TCP/IP, NAT, Routing
Surge Router is the industrial network routing and segmentation layer of the Labshock ecosystem, responsible for simulating realistic OT network architecture and controlled communication between system zones. It enables structured separation between IT, DMZ, and OT environments by implementing virtual routing logic, NAT behavior, and traffic filtering rules that reflect real industrial network constraints. The system supports protocol-aware routing for industrial communication flows, ensuring that SCADA, PLC, and monitoring traffic can be segmented, restricted, or redirected based on network topology definitions. Surge Router also provides configurable isolation policies that simulate real-world industrial security architectures, including restricted pathways between critical control systems and external-facing services.
Engineering Workstation
PLC programming and industrial engineering environment.
Type: ews
Vendor: Labshock
Protocols: S7comm, Modbus TCP
Engineering Workstation is the industrial engineering and control interface of the Labshock ecosystem, providing direct operator-level access to PLC systems and industrial process logic. It enables users to interact with programmable logic controllers through supported industrial protocols such as S7comm and Modbus TCP, allowing for logic deployment, process modification, and real-time inspection of system behavior. The environment simulates the role of real-world engineering stations used in industrial automation, where operators configure control logic, adjust process variables, and validate system behavior during live operation. Engineering Workstation provides full visibility into PLC state execution, enabling users to observe how control logic affects industrial processes within SCADA-connected environments.
Transfer
Controlled OT-to-IT data exchange service.
Type: transfer
Vendor: Labshock
Protocols: HTTPS, SFTP
Transfer is the controlled data exchange layer between OT and IT environments within the Labshock ecosystem, designed to simulate secure industrial DMZ communication patterns. It enables structured movement of telemetry, logs, configuration files, backups, and industrial artifacts between isolated network zones while enforcing strict boundary controls between operational technology and enterprise systems. The service replicates real-world DMZ architectures where data cannot flow freely between OT and IT layers, but must pass through controlled interfaces with defined security constraints and validation rules. Transfer ensures that all cross-zone communication is explicit, traceable, and governed by policy-driven routing logic, preserving the integrity of industrial systems while allowing necessary data exchange.
OpenPLC
Open-source industrial PLC runtime.
Type: plc
Vendor: OpenPLC Project
Protocols: Modbus TCP, DNP3
OpenPLC is an open-source programmable logic controller runtime used widely in industrial automation education, research, and OT simulation environments. It provides a standards-based PLC execution environment that supports industrial communication protocols such as Modbus TCP and DNP3, enabling interaction with SCADA systems, field devices, and external control logic. Within the Labshock ecosystem, OpenPLC serves as an external runtime integration layer, allowing realistic PLC behavior to be incorporated into simulated industrial environments without relying on proprietary controller hardware. It is commonly used for experimentation, protocol testing, and foundational industrial control learning in OT cybersecurity and automation contexts.
FUXA SCADA
Web-based SCADA and HMI platform.
Type: scada
Vendor: FUXA
Protocols: Modbus TCP, S7Comm, EIP, DNP3, MQTT, OPC UA, RestAPI
FUXA SCADA is a web-based Supervisory Control and Data Acquisition (SCADA) and Human-Machine Interface (HMI) platform used for industrial process visualization and monitoring. It provides real-time dashboards for industrial systems, allowing operators to visualize process states, monitor sensor data, and interact with control system variables through supported protocols such as Modbus TCP and OPC UA. Within the Labshock ecosystem, FUXA SCADA represents the visualization layer of industrial environments, translating raw PLC and process data into interactive dashboards that reflect operational system states in real time. It enables structured monitoring of industrial processes, bridging the gap between low-level control logic and high-level operational awareness in OT environments.
Splunk
Enterprise SIEM and observability platform.
Type: siem
Vendor: Splunk
Protocols: Syslog, HEC
Splunk is an enterprise-scale Security Information and Event Management (SIEM) and observability platform used for ingesting, analyzing, and correlating machine-generated data across complex environments. It provides centralized telemetry ingestion through Syslog and HTTP Event Collector (HEC), enabling structured collection of logs, security events, and operational data from industrial and enterprise systems. Within the Labshock ecosystem, Splunk serves as an external analytics and correlation layer for OT telemetry, allowing data from PLCs, SCADA systems, IDS components, and collectors such as Tidal Collector to be aggregated, searched, and analyzed at scale. It enables cross-system correlation, long-term data retention, and security analytics across industrial environments, supporting both operational visibility and threat detection use cases.
ELK Stack
Open-source observability and analytics platform.
Type: siem
Vendor: Elastic
Protocols: Syslog, Beats
ELK Stack is an open-source observability and analytics platform composed of Elasticsearch, Logstash, and Kibana, designed for log ingestion, indexing, and visualization at scale. It enables structured collection of machine-generated data through Logstash and Beats, centralized storage and indexing via Elasticsearch, and interactive analysis through Kibana dashboards. Within the Labshock ecosystem, ELK serves as an external SIEM and observability layer for industrial environments, enabling aggregation of telemetry from PLC systems, SCADA platforms, IDS tools, and Collector services into a unified analytics pipeline. It provides flexible search, visualization, and correlation capabilities for OT and IT data, supporting both operational monitoring and security analysis across distributed industrial systems.
Zeek
Industrial network security monitoring engine.
Type: ids
Vendor: Zeek Project
Protocols: TCP/IP, ICS Protocol Analysis
Zeek is a powerful network security monitoring and analysis framework designed for deep inspection of network traffic across enterprise and industrial environments. It captures and analyzes network communications at a protocol level, generating structured logs and behavioral metadata from raw packet streams. This enables visibility into connection patterns, protocol usage, and potential anomalies across both IT and OT networks. Within the Labshock ecosystem, Zeek functions as an external deep packet inspection and protocol intelligence layer, complementing IDS systems like Network Swiftness by providing enriched network telemetry for industrial environments. It supports detection of suspicious behavior, traffic reconstruction, and protocol-level analysis across ICS-relevant communication flows, enabling advanced security monitoring and forensic investigation.