CPS / IoT Devices
The CPS (Cyber-Physical Systems) page manages your fleet of IoT devices, industrial control systems, and edge sensors. AuroraSOC uniquely integrates IT security with OT/IoT security, treating physical devices as first-class security assets.
Device Fleet Overview
Device Table
The CPS device inventory displays:
| Column | Description |
|---|---|
| Device ID | Unique identifier (UUID) |
| Name | Human-readable device name |
| Family | Device family (ESP32-S3, nRF52840, STM32F429) |
| Firmware Stack | Operating environment (Zephyr, Embassy-rs, Ada SPARK) |
| Location | Physical deployment location |
| Zone | Network security zone |
| Attestation | Status badge: Verified ✅ / Failed ❌ / Pending ⏳ |
| Last Seen | Last telemetry timestamp |
| Status | Online / Offline / Alert |
Device Families
AuroraSOC supports three firmware platforms:
| Platform | MCU | RTOS/Framework | Use Case | Language |
|---|---|---|---|---|
| ESP32-S3 | Xtensa LX7 | Zephyr RTOS | Edge AI inference, WiFi sensor | C |
| nRF52840 | ARM Cortex-M4 | Embassy-rs | BLE scanning, USB sentinel | Rust |
| STM32F429 | ARM Cortex-M4 | Ada SPARK | Safety-critical relay control | Ada |
Device Detail View
Telemetry Panel
Real-time sensor data from the device:
- Temperature — Ambient and core temperature readings
- Vibration — Accelerometer data for tamper detection
- Network Activity — Packet counts, connection metrics
- Battery — Power level (for battery-powered devices)
Attestation Panel
Firmware integrity verification using ECDSA P-256:
A failed attestation could indicate firmware tampering, supply chain compromise, or device replacement. Failed attestations automatically generate Critical severity alerts and notify the CPS Security agent.
Alert Correlation Panel
Physical-cyber correlation types detected:
| Correlation Type | Example |
|---|---|
| PHYSICAL_TAMPER | Vibration spike + authentication failure |
| FIRMWARE_MISMATCH | Hash doesn't match expected version |
| ANOMALOUS_TELEMETRY | Sensor readings outside normal baseline |
| COMMUNICATION_ANOMALY | Unexpected network traffic patterns |
| LOCATION_ANOMALY | Device communicating from unexpected location |
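A sketch of how the PHYSICAL_TAMPER row could be evaluated, added here as an illustration and not taken from AuroraSOC's code. The event field names, the 2.5 g spike threshold, the 60-second window and the sample events are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values, not taken from AuroraSOC: tune per device family and mounting.
VIBRATION_SPIKE_G = 2.5          # accelerometer magnitude treated as a spike
WINDOW = timedelta(seconds=60)   # maximum gap between the two signals

@dataclass(frozen=True)
class Event:
    device_id: str
    ts: datetime
    kind: str           # "vibration" or "auth_failure" (hypothetical names)
    value: float = 0.0  # g-force, only meaningful for vibration events

def correlate_physical_tamper(events):
    """Return (device_id, spike_ts, auth_failure_ts) for every vibration spike
    that has an authentication failure on the same device within WINDOW."""
    spikes, failures = {}, {}
    for e in events:
        if e.kind == "vibration" and e.value >= VIBRATION_SPIKE_G:
            spikes.setdefault(e.device_id, []).append(e.ts)
        elif e.kind == "auth_failure":
            failures.setdefault(e.device_id, []).append(e.ts)
    hits = []
    for dev, spike_times in spikes.items():
        for s in sorted(spike_times):
            # The two signals may arrive in either order, so compare absolute gaps.
            near = [f for f in failures.get(dev, []) if abs(f - s) <= WINDOW]
            if near:
                hits.append((dev, s, min(near, key=lambda f: abs(f - s))))
    return hits

# Constructed sample events (short IDs stand in for device UUIDs).
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_EVENTS = [
    Event("dev-a", T0, "vibration", 3.1),
    Event("dev-a", T0 + timedelta(seconds=20), "auth_failure"),
    Event("dev-b", T0, "vibration", 3.4),                        # spike only
    Event("dev-c", T0, "vibration", 0.4),                        # below threshold
    Event("dev-c", T0 + timedelta(seconds=5), "auth_failure"),
    Event("dev-d", T0, "vibration", 2.9),
    Event("dev-d", T0 + timedelta(minutes=10), "auth_failure"),  # outside window
]

if __name__ == "__main__":
    for dev, spike, fail in correlate_physical_tamper(SAMPLE_EVENTS):
        print(f"PHYSICAL_TAMPER {dev}: spike {spike}, auth failure {fail}")
```

Only the device with both signals inside the window is flagged; a spike alone, a sub-threshold reading, or an authentication failure ten minutes later produces no correlation.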
Firmware Inventory
The firmware inventory sub-page tracks:
- Firmware versions deployed per device family
- Version distribution across the fleet
- Update compliance (how many devices are on the latest version)
- Attestation success rate by firmware version
OT Protocol Support
AuroraSOC monitors industrial protocols:
- Modbus TCP/RTU — PLC communication monitoring
- DNP3 — SCADA protocol analysis
- BACnet — Building automation monitoring
- OPC UA — Industrial data exchange
The CPS Security agent can query these protocols via the QueryOTProtocol tool to detect anomalies.
Adding New Devices
Devices are auto-discovered when they first connect to the MQTT broker:
- Device connects to `mqtt://mosquitto:1883` with TLS client certificate
- Publishes to `aurora/sensors/{device_id}/telemetry`
- MQTT Consumer bridge receives the message
- Device auto-registered in PostgreSQL with metadata
- Appears in the CPS device table within seconds
For pre-registration, use the API:
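```bash
# AURORA_URL is a placeholder for your AuroraSOC API base URL; TOKEN holds a bearer token.
curl -X POST "$AURORA_URL/api/v1/cps/devices" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Factory Floor Sensor 01",
    "family": "ESP32_S3",
    "firmware_stack": "ZEPHYR",
    "location": "Building A, Floor 2",
    "zone": "OT-Zone-1"
  }'
```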