Every feature is purpose-built for OT, not IT tooling retrofitted to industrial environments.
Per-sensor models flag statistical deviations, while a deep learning model analyses multivariate patterns across entire assets. For every anomaly, you see the predicted value alongside the actual reading, so you know exactly how far reality has drifted from the model's expectation.
A dual-head model learns multivariate sensor relationships across an entire asset. It predicts what every sensor's next readings should be, flags when actuals diverge, and stores the predicted value alongside each anomaly, so operators see expected vs. actual at a glance.
When anomalies are detected, the AI produces a prioritized site report ranking the riskiest assets, separating true faults from noise, and listing concrete actions with P1/P2/P3 priority labels. Reports improve over time as the AI learns from operator corrections and false-positive markings.
High-severity anomalies automatically generate alarms with full lifecycle tracking from New through Acknowledged to Resolved. No manual scanning of raw sensor feeds required.
Organise your infrastructure as Sites, Assets, and Sensors. Train and analyse an entire asset or site in a single operation. Safe operating ranges are stored per sensor and can be auto-populated from equipment documentation.
Upload equipment spec sheets and let the AI extract safe operating ranges directly into your sensor database. Pull device configurations via SSH or SCP and get an instant security audit with ranked findings and remediation steps. Mark any config as the known-good baseline. If an unauthorized change is detected, SERAFEND can automatically roll back to the approved configuration.
Using asset health data and anomaly history, the AI estimates how much operational life an asset likely has remaining. This gives maintenance teams the lead time they need to plan proactively, not reactively.
A floating chat widget on every page lets any user ask natural-language questions about their data: "What are the most critical alarms?", "Which sensors triggered anomalies today?", "Summarize Boiler-01 health." The assistant pulls live context from the platform and responds with specific numbers and recommendations.
SERAFEND automatically fine-tunes itself on your operational feedback. Operator corrections, false-positive markings, alarm acknowledgments, and your asset hierarchy are automatically converted into training examples, so the AI gets smarter over time without sending data off-site. Fully air-gap compatible.
Every critical event is cryptographically recorded on a Hyperledger Fabric blockchain: configuration changes, firmware versions, setpoint adjustments, operator commands, alarm acknowledgments, access events, and AI-generated analyses. Tamper-evident, fully auditable, and restorable to any known-good state. When something changes, you know exactly what, when, and who.
Alarms automatically open tickets in ServiceNow, Jira Service Management, PagerDuty, or any generic webhook endpoint. Authentication, payload templates, and minimum severity are all configurable in the UI. Every dispatch is logged to the activity audit trail.
Generic thresholds create noise. SERAFEND runs two ML engines in parallel: a per-sensor statistical model and a deep-learning model that analyses multivariate patterns across entire assets. When the deep-learning model flags an anomaly, it shows what it predicted the reading should have been, so a flag comes with context, not just a number.
Each sensor tag gets its own ML model. Pump A and Pump B may be identical hardware, but their real-world behaviour differs and their models reflect that.
Every scored point receives a deviation score showing how far it has moved from the learned baseline. Triage by severity, not just on/off anomaly flags.
Configurable warm-up suppression, stability guards, and refractory periods prevent short-lived spikes and sensor jitter from flooding your team with false alarms.
The deep-learning model predicts what each sensor reading should be. When an anomaly is detected, the predicted value is stored alongside the actual, so you see exactly how far reality diverged from the model's expectation.
Trained models are stored on disk and reloaded automatically. Restarting the service does not require re-training your sensor baselines.
When something goes wrong in an industrial environment, the first question is always "what happened and when?" SERAFEND gives you a cryptographically provable answer, one that no one can alter after the fact.
Alarms, AI analyses, and operator changes are hashed at the moment they are created. The fingerprint is stored alongside the record for instant re-verification.
Fingerprints are submitted to a permissioned blockchain network. Once anchored, they cannot be altered, deleted, or backdated by anyone, including system administrators.
Any record can be verified in seconds by checking both that the data matches the original fingerprint, and that the fingerprint exists unchanged on the blockchain.
Sample Audit Chain
Each event fingerprinted independently · anchored to an immutable blockchain · verifiable at any time
SERAFEND addresses the specific operational challenges, failure modes, and compliance demands that vary by sector.
Predict battery cell degradation, detect inverter and PCS failure risk early, and balance thermal load across storage racks. ML models learn the normal behaviour of each unit and flag deviations before they cascade.
Detect misuse of DNP3, Modbus, and other OT protocols, catch unauthorized set-point drift, and receive instant alerts on unverified firmware modifications with a blockchain-anchored record for forensic investigation.
Detect early signs of CRAC/CRAH fan degradation, pump seal wear, and airflow pattern deviations before hot spots form. Per-asset ML models track each unit's specific thermal signature.
Continuously monitor for efficiency degradation and receive AI-guided recommendations for thermal-aware workload placement and cooling adjustments. Detect UPS anomalies and SCADA irregularities that quietly erode PUE.
Every SCADA configuration change, firmware update, and operator action is cryptographically fingerprinted and anchored to blockchain. Unauthorized config changes can trigger automatic rollback to a known-good baseline.
Track robot joint wear, spindle bearing health, conveyor diagnostics, and motor conditions, catching degradation early. Each machine gets its own ML model built from its actual operating history.
Identify cycle-time variance, compressed air leaks, and recipe parameter drift that silently erode throughput. AI reports rank which issues are costing the most production with clear priority labels.
Detect PLC state anomalies and unauthorized configuration changes. When a change is detected, SERAFEND can automatically restore the known-good configuration while every modification is logged with a cryptographic fingerprint.
Detect pump cavitation, VFD degradation, and blower performance decline before treatment capacity is compromised. Each asset's ML model learns its normal vibration and thermal profile.
Monitor chemical dosing accuracy, tank level behaviour, and aeration efficiency. Automatic alerts on process drift keep permit compliance proactive while every event is blockchain logged for regulatory reporting.
Monitor traction motor wear, wheel-flat development, brake system thermal profiles, and HVAC performance. ML models are trained per vehicle, not per fleet average.
Detect deviations in safety-critical signaling systems and substation SCADA before they become incidents. Transformer thermal runaway and communication anomalies are monitored with blockchain-backed evidence.
Alerts on temperature, humidity, and pressure deviations in cleanrooms, stability chambers, and cold chain environments. Every excursion is timestamped, hashed, and blockchain-anchored at the moment of detection.
Predict chiller failures, AHU faults, and CIP/SIP cycle anomalies before they affect batch quality. ML models are trained on each facility's utility systems individually.
Automatically generate cryptographically signed evidence bundles mapped to FDA GMP, ISO, and relevant regulatory requirements, cutting audit preparation from weeks to hours.
Every core capability was designed to satisfy specific controls across the frameworks that govern industrial environments.
| Control | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| SR 6.2 | Continuous Monitoring | ML Detection | Per-sensor ML models continuously score incoming readings against learned baselines, flagging deviations with severity scores in real time. |
| SR 6.1 | Audit Log Accessibility | Activity Audit, Blockchain | Every user action, setting change, and security event is written to an immutable activity log with before/after diffs, then cryptographically anchored to blockchain. |
| SR 2.8 | Auditable Events | Activity Audit | Logins, anomaly runs, alarm state changes, configuration modifications, file uploads, and AI analyses are all captured with timestamps, user identity, and change details. |
| SR 3.3 | Security Functionality Verification | AI Analysis | Device configurations are pulled via SSH and automatically audited by the AI, producing ranked security findings with remediation steps. |
| SR 7.6 | Network & Security Config Settings | Config Audit, Blockchain | Device configuration snapshots are pulled via SSH or SCP, diffed against previous versions, and anchored to blockchain. Unauthorized changes trigger WARN alarms and can automatically roll back. |
| SR 2.1 | Authorization Enforcement | RBAC | Role-based access control with admin and viewer roles. Admin-only actions are enforced at both UI and API levels. |

| Control | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| 6.2.1 | ICS Monitoring & Detection | ML Detection, AI Analysis | Dual-engine detection: ML models identify statistical anomalies, then AI analysis triages findings and separates real threats from noise. |
| 6.2.6 | Audit & Accountability | Activity Audit, Blockchain | Complete activity logging with user attribution, before/after change diffs, and blockchain-anchored cryptographic proof. |
| 6.2.7 | ICS Incident Response | Alarm Triage, AI Reports | Anomalies automatically generate prioritized alarms. AI reports rank risks as P1/P2/P3 with specific remediation actions. |
| 6.2.2 | Access Control | RBAC | JWT-authenticated sessions with role-based permissions. All access events are logged. |
| 6.2.4 | Configuration Management | Config Audit, Change Tracking | Device configurations are pulled via SSH or SCP, audited by AI, and tracked with versioned diffs. Unauthorized changes can trigger rollback. |
| 6.2.16 | ICS Security Assessment | AI Analysis, ML Detection | Continuous security posture assessment via ML anomaly scoring and AI-driven configuration audits. |

| Article | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| Art. 21(2)(a) | Risk Analysis | AI Reports, ML Detection | AI-generated risk assessment reports rank assets by severity and likelihood, providing continuous risk visibility. |
| Art. 21(2)(b) | Incident Handling | Alarm Triage, AI Analysis | Automatic alarm generation with lifecycle management. AI reports provide structured incident context for response teams. |
| Art. 21(2)(d) | Supply Chain Security | Config Audit, Blockchain | Device firmware and configuration changes are detected, audited, and blockchain-anchored. Unauthorized modifications can trigger automatic rollback. |
| Art. 21(2)(e) | Security in Maintenance | ML Detection, Change Tracking | ML models detect behavioural changes after maintenance or equipment replacement. Full change audit trail proves when and how systems were modified. |
| Art. 21(2)(g) | Security Policies Assessment | Activity Audit, Blockchain | Comprehensive activity logs with tamper-evident blockchain anchoring enable continuous assessment of security policy adherence. |
| Art. 23 | Incident Reporting | Activity Audit, Blockchain | Timestamped, blockchain-verified event records provide evidence required for mandatory incident reporting within mandated timeframes. |

| Standard | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| CIP-007-6 R1 | Ports & Services | Config Audit | AI-driven configuration audits detect unauthorized open ports, enabled services, and insecure protocol settings with prioritized remediation. |
| CIP-007-6 R4 | Security Event Monitoring | ML Detection, Activity Audit | Continuous ML-based monitoring with complete event logging. Security-relevant events are automatically flagged with full context. |
| CIP-008-6 | Incident Reporting & Response | Alarm Triage, AI Reports, Blockchain | Automated alarm generation with AI-produced incident reports and blockchain-timestamped evidence. |
| CIP-010-4 R1 | Configuration Change Management | Config Audit, Change Tracking, Blockchain | Device configurations are snapshotted, diffed, and blockchain-anchored. Unauthorized changes trigger WARN alarms and can automatically roll back. |
| CIP-011-3 | Information Protection | Blockchain, Activity Audit | Cryptographic fingerprinting of all critical records with permanent blockchain anchoring. Tampering is immediately detectable. |

| Section | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| §11.10(e) | Audit Trail | Activity Audit, Blockchain | Secure, computer-generated, time-stamped audit trail records every creation, modification, and deletion. Blockchain anchoring makes it tamper-evident. |
| §11.10(a) | System Validation | ML Detection | Per-sensor ML models are trained and validated against known operating data. Training metrics are recorded for validation documentation. |
| §11.10(d) | Limiting System Access | RBAC | Role-based access control restricts functions to authorized individuals. Admin-only operations require elevated privileges. |
| §11.10(k)(2) | Device Checks - Authority | RBAC, Activity Audit | All user actions are attributed to authenticated individuals. Unauthorized access attempts are logged and blocked. |
| §11.50 | Signature Manifestations | Blockchain | Cryptographic fingerprints serve as electronic signatures, displaying signer identity, timestamp, and meaning tied to each record. |
| §11.10(c) | Protection of Records | Blockchain, Activity Audit | Records are protected through cryptographic hashing and blockchain anchoring. Any alteration is instantly detectable. |

| Control | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| A.8.15 | Logging | Activity Audit, Blockchain | Comprehensive logging of all user activities, exceptions, and security events with before/after diffs and blockchain-backed integrity. |
| A.8.16 | Monitoring Activities | ML Detection, AI Analysis | Systems are continuously monitored by ML models. Anomalous behaviour is automatically analysed and triaged by AI. |
| A.5.24 | Incident Management | Alarm Triage, AI Reports | Automated alarm lifecycle with AI-generated incident reports containing prioritized actions and root cause analysis. |
| A.5.28 | Collection of Evidence | Blockchain, Activity Audit | Cryptographically fingerprinted and blockchain-anchored evidence suitable for legal proceedings, audits, and insurance claims. |
| A.8.9 | Configuration Management | Config Audit, Change Tracking | Configurations are documented, monitored for changes, and audited by AI with versioned diffs stored for review. |
| A.5.2 | Information Security Roles | RBAC, Activity Audit | Defined admin and viewer roles with enforced separation of duties. All role-based actions are fully attributed and logged. |

| Control | Requirement | Capability | How It's Addressed |
|---|---|---|---|
| 2-3-1 | Authentication | RBAC, Activity Audit | JWT-based authentication with bcrypt password hashing, httpOnly secure cookies, and complete login/logout audit logging. |
| 2-3-3 | Privilege Management | RBAC, Activity Audit | Three-tier role hierarchy with least-privilege enforcement. All privilege changes are logged and blockchain-anchored. |
| 2-5-1 | Change Management | Config Audit, Change Tracking, Blockchain | Device configurations snapshotted via SSH, diffed, and blockchain-anchored. Unauthorized changes trigger alarms and can be automatically rolled back. |
| 2-7-1 | OT Asset Management | ML Detection, AI Analysis | Complete asset registry with site → asset → sensor hierarchy. Per-asset ML models track operational health with RUL estimation. |
| 2-8-1 | Audit Trail & Logging | Activity Audit, Blockchain | Every user action is recorded with identity, timestamp, and change details. Records are cryptographically fingerprinted and anchored to Hyperledger Fabric. |
| 2-10-1 | Security Monitoring | ML Detection, AI Analysis, Activity Audit | Continuous ML-based anomaly detection with automated alarm triage. AI-generated reports rank threats by severity. |
| 2-11-1 | Incident Detection | Alarm Triage, AI Reports | Anomalies are automatically promoted to prioritized alarms with P1/P2/P3 severity ranking and recommended actions. |
| 2-14-1 | Security Testing | AI Analysis, ML Detection | Anomaly injection for testing detection pipelines. AI configuration audits identify security weaknesses. |
Self-hosted. No cloud account, no vendor lock-in, no external connections required.
Runs entirely within your network. Your sensor data never leaves your environment. SERAFEND ships its own AI system for inference and fine-tuning. No external API calls required, even in air-gapped deployments.
ML models are stored on disk and survive container restarts and upgrades. Your months of training work are never lost to a routine service update.
Every tunable (model sensitivity, AI endpoint, secrets, blockchain credentials) is set inside the GUI.
Upload your certificate through the Settings page. The web server reloads it automatically with no container restart and no downtime.
What's included
We'll spin up a demo environment modelled on your industry, so you see SERAFEND working on infrastructure that looks like yours.