CPS / IoT Devices
The CPS (Cyber-Physical Systems) page manages your fleet of IoT devices, industrial control systems, and edge sensors. AuroraSOC uniquely integrates IT security with OT/IoT security, treating physical devices as first-class security assets.
Device Fleet Overview
Device Table
The CPS device inventory displays:
| Column | Description |
|---|---|
| Device ID | Unique identifier (UUID) |
| Name | Human-readable device name |
| Family | Device family (ESP32-S3, nRF52840, STM32F429) |
| Firmware Stack | Operating environment (Zephyr, Embassy-rs, Ada SPARK) |
| Location | Physical deployment location |
| Zone | Network security zone |
| Attestation | Status badge: Verified ✅ / Failed ❌ / Pending ⏳ |
| Last Seen | Last telemetry timestamp |
| Status | Online / Offline / Alert |
Device Families
AuroraSOC supports three firmware platforms:
| Platform | MCU | RTOS/Framework | Use Case | Language |
|---|---|---|---|---|
| ESP32-S3 | Xtensa LX7 | Zephyr RTOS | Edge AI inference, WiFi sensor | C |
| nRF52840 | ARM Cortex-M4 | Embassy-rs | BLE scanning, USB sentinel | Rust |
| STM32F429 | ARM Cortex-M4 | Ada SPARK | Safety-critical relay control | Ada |
Device Detail View
Telemetry Panel
Real-time sensor data from the device:
- Temperature — Ambient and core temperature readings
- Vibration — Accelerometer data for tamper detection
- Network Activity — Packet counts, connection metrics
- Battery — Power level (for battery-powered devices)
Attestation Panel
Firmware integrity verification using ECDSA P-256. When the optional rust-core profile is enabled, the panel reflects this verification flow:
A failed attestation could indicate firmware tampering, supply chain compromise, or device replacement. Failed attestations automatically generate Critical severity alerts and notify the CPS Security agent.
Alert Correlation Panel
Physical-cyber correlation types detected:
| Correlation Type | Example |
|---|---|
| PHYSICAL_TAMPER | Vibration spike + authentication failure |
| FIRMWARE_MISMATCH | Hash doesn't match expected version |
| ANOMALOUS_TELEMETRY | Sensor readings outside normal baseline |
| COMMUNICATION_ANOMALY | Unexpected network traffic patterns |
| LOCATION_ANOMALY | Device communicating from unexpected location |
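The first two correlation types in the table, sketched as detection logic over a small event stream. This is an added example, not AuroraSOC's own code: the event field names, the 2.5 g spike threshold, the 60-second window, and the device IDs and hashes in the sample data are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed tuning values, not AuroraSOC defaults.
VIBRATION_SPIKE_G = 2.5
WINDOW = timedelta(seconds=60)

# Constructed sample data; field names and hashes are hypothetical.
EXPECTED = {"1.4.2": "aa" * 32}
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "device_id": "dev-a", "type": "telemetry", "vibration_g": 3.1},
    {"ts": "2024-05-01T10:00:10", "device_id": "dev-b", "type": "telemetry", "vibration_g": 2.9},
    {"ts": "2024-05-01T10:00:20", "device_id": "dev-c", "type": "auth_failure"},
    {"ts": "2024-05-01T10:00:40", "device_id": "dev-a", "type": "auth_failure"},
    {"ts": "2024-05-01T10:05:00", "device_id": "dev-b", "type": "auth_failure"},
    {"ts": "2024-05-01T10:06:00", "device_id": "dev-c", "type": "attestation",
     "firmware_version": "1.4.2", "firmware_sha256": "bb" * 32},
    {"ts": "2024-05-01T10:06:30", "device_id": "dev-a", "type": "attestation",
     "firmware_version": "1.4.2", "firmware_sha256": "aa" * 32},
]

def correlate(events, expected_hashes):
    """Return (device_id, correlation_type, timestamp) findings in time order."""
    findings = []
    last_spike, last_auth_fail = {}, {}  # device_id -> time of latest such event
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, dev = datetime.fromisoformat(ev["ts"]), ev["device_id"]
        if ev["type"] == "telemetry" and ev.get("vibration_g", 0.0) >= VIBRATION_SPIKE_G:
            last_spike[dev] = ts
            other = last_auth_fail.get(dev)
        elif ev["type"] == "auth_failure":
            last_auth_fail[dev] = ts
            other = last_spike.get(dev)
        elif ev["type"] == "attestation":
            # An unknown firmware version has no expected hash, so it fails closed.
            if ev["firmware_sha256"] != expected_hashes.get(ev["firmware_version"]):
                findings.append((dev, "FIRMWARE_MISMATCH", ev["ts"]))
            continue
        else:
            continue
        # PHYSICAL_TAMPER: spike and auth failure on the same device, either order.
        if other is not None and ts - other <= WINDOW:
            findings.append((dev, "PHYSICAL_TAMPER", ev["ts"]))
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS, EXPECTED):
        print(finding)
```

In the sample data, dev-b's spike and authentication failure are 290 seconds apart and dev-c's authentication failure has no spike on the same device, so neither is reported as tampering.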
Firmware Inventory
The firmware inventory sub-page tracks:
- Firmware versions deployed per device family
- Version distribution across the fleet
- Update compliance (how many devices are on the latest version)
- Attestation success rate by firmware version
OT Protocol Support
AuroraSOC monitors industrial protocols:
- Modbus TCP/RTU — implemented register-query support via QueryOTProtocol
- DNP3 — adapter hook available (integration pending)
- S7 — adapter hook available (integration pending)
The CPS Security agent can query these protocols via the QueryOTProtocol tool to detect anomalies, with Modbus as the currently active backend.
Adding New Devices
Devices are auto-discovered when they first connect to the MQTT broker:
- Device connects to mqtt://mosquitto:1883 with TLS client certificate
- Publishes to aurora/sensors/{device_id}/telemetry
- MQTT Consumer bridge receives the message
- Device auto-registered in PostgreSQL with metadata
- Appears in the CPS device table within seconds
For pre-registration, use the API:
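```bash
# AURORA_API is a placeholder for your AuroraSOC API base URL; TOKEN holds your bearer token.
curl -X POST "$AURORA_API/api/v1/cps/devices" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Factory Floor Sensor 01",
    "family": "ESP32_S3",
    "firmware_stack": "ZEPHYR",
    "location": "Building A, Floor 2",
    "zone": "OT-Zone-1"
  }'
```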