Policies in Days, Not Months. Without Writing Them Yourself.
Asset-Centric Auto Rule Learning: AI-generated OT policy from observed traffic
Auto Rule Learning watches your OT network and generates the inline prevention policy that matches what your equipment actually does. No golden-image catalogs to maintain. No hand-written rule sets. Deploy a TXOne Edge appliance in learning mode, review the proposed policy in days, then switch to enforcement with confidence that the rules reflect your environment.
The OT Policy Problem Nobody Talks About.
Inline prevention is powerful, but only if the rules match what your plant actually runs. Writing those rules by hand takes months your team does not have.
Asset-Centric Auto Rule Learning inverts the traditional policy process. Instead of asking a security engineer to document every protocol, every function code, and every authorized peer relationship, TXOne Edge observes the traffic, classifies each asset by what it does, and proposes the ruleset that allows normal operation while denying everything else. Your team reviews and approves. What used to take months now takes days.
WHAT IT IS

Capability
What is Asset-Centric Auto Rule Learning?
Asset-Centric Auto Rule Learning is an AI-powered policy generation capability on TXOne Edge appliances (EdgeIPS and EdgeFire). It works in two phases: a learning phase where the appliance passively observes protocol traffic, classifies assets, and builds a per-asset behavioral baseline, then a proposal phase where the generated policy is presented for review in the EdgeOne console. Approved policies deploy inline with sub-500 microsecond enforcement latency. The learning engine integrates with TXODI protocol parsing, CPSDR behavioral baseline evaluation, and the 40,000+ OT application repository used on Stellar endpoints. The outcome is inline prevention that deploys in days and reflects the actual operation, not a generic template.
KEY COMPONENTS
Asset-Centric Auto Rule Learning Challenges
Key challenges that Asset-Centric Auto Rule Learning addresses.
Hand-Written Policy Takes Months
Traditional inline security requires manually documenting every protocol, function code, and authorized peer relationship on your network. On a plant with dozens of vendors and hundreds of assets, this is months of security-engineer work before the first rule fires.
Key Components
Core components of the Asset-Centric Auto Rule Learning capability.
Passive Learning From Real Traffic
Deploy an Edge appliance in learning mode. It passively observes protocol traffic through the TXODI inspection pipeline, identifies each asset by vendor, device type, and observed behavior, and builds a baseline of normal protocol usage. No disruption, no forced configuration, no traffic generation required.
Key Capabilities
Outcomes
Initial visibility from first deployment
PROVEN RESULTS
WHY TXONE
Why Auto Rule Learning on TXOne Edge
AI-generated OT policy that actually fits your plant, reviewed by engineers instead of authored by them.
Most OT policy frameworks start with protocols. Auto Rule Learning starts with assets and asks: what does this specific PLC, drive, or HMI do? The generated policy reflects the behavior of your equipment, not the generic capability of a protocol.
Legacy approach creates operational risk
The engine drafts a complete ruleset with rationale attached. Your security team reviews and approves instead of authoring from a blank page. A task that used to be months of work becomes a review exercise that fits the time your team actually has.
Shadow observation continues after enforcement, flagging legitimate new behaviors so the policy evolves with the plant. Static vendor rulesets become exception lists; Auto Rule Learning stays current.
The transition from learning to enforcement is zero-reboot and protected by hardware bypass. If anything goes wrong, the fail-safe relay keeps traffic flowing. There is no operational risk to trying enforcement.
The asset inventory and baseline data that Auto Rule Learning produces feed SenninRecon asset discovery, VSAR risk scoring, and Stellar endpoint baseline generation. One learning exercise improves every layer of protection.
NEXT STEP
See Auto Rule Learning on Your Traffic
Deploy an Edge appliance on a production segment and run Auto Rule Learning in 60 minutes. See the assets identified, the behaviors baselined, and the policy proposed, all from your own traffic.