Detecting DNP3 Protocol Anomalies

When to Use

- When monitoring SCADA systems in the energy sector where DNP3 is the primary protocol
- When building detection rules for DNP3-based attacks against RTUs and substations
- When investigating suspected unauthorized control commands sent via DNP3
- When deploying IDS with DNP3 deep packet inspection at utility substations
- When responding to alerts from OT monitoring platforms about DNP3 traffic anomalies

Do not use for non-DNP3 protocol monitoring (see detecting-modbus-command-injection-attacks for Modbus), for DNP3 Secure Authentication configu…