S7 Siemens, Write area
A S7 operation was performed - write action
ID Number
9000007
Signature
-
MITRE ATT&CK Technique
-
Severity
medium
Recommendations/Investigative actions
Identify the affected endpoint- Get the source and destination IP address and the device type from the alert. Find the site name, subnet and the indicated business process. Once you have all the information needed, contact POC site manager and verify if it’s legitimate action and close the event.