OT SIEM with Labshock and Splunk: Understanding SCADA Events
A practical masterclass on building OT SIEM detection from real SCADA data.
The second Labshock Masterclass focuses on integrating Labshock with Splunk to analyze SCADA-level events in industrial environments.
After covering PLC fundamentals in the first session, this session moves one layer higher into SCADA systems and their role in OT security monitoring.
Why SCADA events matter in OT SIEM
Industrial OT SIEM deployments often look complex for a simple reason: the raw SCADA event data is not well understood and rarely carries enough context to be interpreted on its own.
Without understanding how each event is structured and what it means operationally, it is difficult to build meaningful detection logic or to tell normal operational behavior apart from abnormal activity.
This masterclass breaks SCADA monitoring down into practical components:
- what each SCADA event represents
- why the event matters in industrial operations
- how SCADA events translate into detection logic
Practical OT SIEM approach
The focus of this session is hands-on analysis using Labshock and Splunk.
There is no theoretical abstraction. Instead, participants work directly with SCADA events generated by a simulated industrial environment.
The workflow is fully practical:
- generate SCADA events inside Labshock's simulated industrial environment
- analyze event structure in Splunk
- identify relevant security signals
- build event pipelines step by step
- develop detection rules based on SCADA behavior
Parallel learning environment
The training follows a synchronized format:
- participants work in their own Labshock environments
- the instructor works in a parallel instance
- both sides analyze the same SCADA data patterns
- identical pipelines and event structures are used
This ensures consistent, reproducible learning conditions.
SCADA event-driven detection model
Instead of starting with dashboards or high-level summaries, the masterclass begins with raw signal analysis.
Participants learn how to:
- interpret SCADA events at the source level
- identify operationally meaningful signals
- determine which events matter for OT security
- convert SCADA activity into detection logic
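The workflow above (generate events, analyze their structure, identify signals, build a pipeline, write detection rules) and the event-driven model in this section both end in the same place: a rule that turns SCADA activity into a finding. The following is an added example, not code from the masterclass or from Labshock, and the event format, tag names, hosts, engineering limits and thresholds in it are all constructed assumptions for illustration, not Labshock's real event schema. It parses a handful of constructed SCADA-style events and applies three checks a practitioner would typically start with: a setpoint written from a host that is not expected to write setpoints, a setpoint outside its engineering range, and a burst of writes to one tag.

```python
"""Added example: detection logic over constructed SCADA-style events.

Everything below (event format, tag names, hosts, limits, thresholds) is an
assumption made for this illustration, not Labshock's actual event schema.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (one key=value record per line); not real Labshock output.
SAMPLE_EVENTS = """\
2024-04-26T08:00:01Z host=hmi-01 user=operator1 event=setpoint_write tag=Tank1.Level_SP value=55.0
2024-04-26T08:00:05Z host=hmi-01 user=operator1 event=alarm_ack tag=Tank1.HighLevel
2024-04-26T08:00:09Z host=eng-ws-07 user=contractor event=setpoint_write tag=Tank1.Level_SP value=98.0
2024-04-26T08:00:10Z host=eng-ws-07 user=contractor event=setpoint_write tag=Pump1.Speed_SP value=100.0
2024-04-26T08:00:11Z host=eng-ws-07 user=contractor event=setpoint_write tag=Pump1.Speed_SP value=0.0
2024-04-26T08:00:12Z host=eng-ws-07 user=contractor event=setpoint_write tag=Pump1.Speed_SP value=100.0
"""

# Assumed engineering limits per tag and the hosts expected to write setpoints.
LIMITS = {"Tank1.Level_SP": (10.0, 90.0), "Pump1.Speed_SP": (0.0, 100.0)}
ALLOWED_WRITERS = {"hmi-01", "hmi-02"}
BURST_WINDOW = timedelta(seconds=5)
BURST_THRESHOLD = 3  # writes to a single tag within BURST_WINDOW

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_event(line):
    """Parse one 'timestamp k=v k=v ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    try:
        fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        if "value" in fields:
            fields["value"] = float(fields["value"])
    except ValueError:
        return None
    return fields


def detect(text):
    """Run the three checks over event text; return (rule, host, tag) findings in order."""
    findings = []
    writes_per_tag = defaultdict(list)  # tag -> timestamps of recent setpoint writes
    for line in text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("event") != "setpoint_write" or "value" not in ev:
            continue
        tag, host, value, ts = ev["tag"], ev["host"], ev["value"], ev["ts"]

        # Rule 1: setpoint written from a host that should not be writing setpoints.
        if host not in ALLOWED_WRITERS:
            findings.append(("unexpected_writer", host, tag))

        # Rule 2: value outside the tag's engineering range.
        lo, hi = LIMITS.get(tag, (float("-inf"), float("inf")))
        if not lo <= value <= hi:
            findings.append(("out_of_range", host, tag))

        # Rule 3: burst of writes to one tag; fires when the count in the window reaches the threshold.
        recent = [t for t in writes_per_tag[tag] if ts - t <= BURST_WINDOW]
        recent.append(ts)
        writes_per_tag[tag] = recent
        if len(recent) == BURST_THRESHOLD:
            findings.append(("write_burst", host, tag))
    return findings


if __name__ == "__main__":
    for rule, host, tag in detect(SAMPLE_EVENTS):
        print(f"{rule:18s} host={host} tag={tag}")
```

On the constructed sample this yields four unexpected_writer findings for eng-ws-07, one out_of_range finding for the 98.0 write to Tank1.Level_SP, and one write_burst for the three rapid writes to Pump1.Speed_SP. The operator's own write from hmi-01 produces nothing, which is the point of starting from event semantics: the same event type is benign or suspicious depending on who wrote it, what value was written, and how often. Each check depends on fields and limits that have to be established from the process before the rule is written, which is the step the masterclass spends its time on.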
Output of the masterclass
By the end of the session, participants will have defined:
- 6 key SCADA event types relevant for OT SIEM
- a structured approach to SCADA log analysis
- a basic detection pipeline in Splunk
- a foundational understanding of SCADA-based security monitoring
Event information
Date: 26 April
Time:
- 8:00 PM Berlin
- 2:00 PM New York
This masterclass is designed for anyone who wants to understand OT SIEM through real SCADA data rather than theory.
It focuses on practical industrial cybersecurity, not on dashboards or conceptual models.
The goal is to build detection capability starting directly from the SCADA signals themselves.