ALERT: Read an important update from Claroty on the global Microsoft outage linked to CrowdStrike
Read the blog
Claroty Toggle Search

Project File Analysis

Collection Method Overview

As one of Claroty’s five collection methods, Project File Analysis uses a unique, non-intrusive, pioneered-by-Claroty approach to discover and enrich XIoT assets in industrial environments.

About Project File Analysis

Claroty's Project File Analysis harnesses a unique file-parsing mechanism to provide deep visibility into XIoT assets — even those in truly air-gapped industrial environments.

Project File Analysis can be easily combined with any of our other collection methods, reinforcing two key tenets of our industrial cybersecurity portfolio:

First, Claroty recognizes there is no one-size-fits-all path to asset discovery because each customer, environment, and cybersecurity journey is unique.

Second, we also recognize that achieving a comprehensive XIoT asset inventory almost always requires using not only Project File Analysis or any other, singular collection method but a combination of multiple methods. This limitation isn't a weakness of our technology — it’s a vendor-agnostic reality of collection itself.

It’s also why Claroty is proud to be the only vendor to offer a whopping five highly flexible, mix-and-match collection methods designed to empower you to gain full visibility into all XIoT assets in your industrial environment, your way.

Key Benefits of Project File Analysis

Claroty is proud to have pioneered Project File Analysis to tackle some of the toughest challenges inherent to XIoT asset discovery in industrial environments. Key benefits of this collection method include:


Project File Analysis is uniquely non-intrusive because it relies on parsing files that are typically stored in offline repositories. As such, this collection method has no impact whatsoever on operational availability, process integrity, or safety.


This collection method can deliver efficient, effective visibility into assets and asset details even under challenging circumstances where most other collection methods would fall short — such as in fully air-gapped environments, for example.


Since Project File Analysis does not require lengthy installations or direct connectivity to the industrial environment, it can deliver deep visibility rapidly and even help expedite implementations of other Claroty offerings by blueprinting their deployments.

Project File Analysis FAQ

Have questions about Project File Analysis? You're not alone! See below for answers to questions we often receive about this collection method — and if you're seeking additional information or would like to speak with one of our experts, contact us here.

Q: How does Project File Analysis work?

A: Claroty's Project File Analysis works by ingesting and parsing the configuration files that are routinely backed-up on workstations and other support and management components of industrial environments. These files typically include details used by or related to industrial assets like PLCs and RTUs, as well as other assets with which those PLCs and RTUs communicate, making them rich information sources on virtually all assets in the environment.

Since this collection method does not require direct connectivity to the industrial environment itself, it is even suitable for those that are air-gapped or otherwise largely inaccessible.

Project File Analysis parses configuration files to extract highly granular, otherwise-tough-to-obtain asset details ranging from OS, to firmware version, to rackslot information, and more.
Claroty - Building Management Systems (BMS) and Cyber-Physical Systems Cybersecurity Solution

Q: Does Project File Analysis have any limitations?

A: Yes. Since the deep visibility provided by Project File Analysis is extracted from back-ups of configuration files — its timeliness depends on how often these files are backed-up.

While backups happen extremely frequently in many industrial environments, they seldom occur in others. For those in which asset changes are a common occurrence yet backups are not, relying solely on Project File Analysis can result in an outdated asset inventory. As a result, we encourage (and make it easy for) customers to combine Project File Analysis with one or more of our other collection methods to keep their asset inventory up-to-date.

Q: Which other collection methods best complement Project File Analysis?

A: Just as every customer is unique, every combination of our five collection methods has its own unique benefits and rationales. That being said, most of our customers who choose to use our Project File Analysis also use our Passive Monitoring.

A common scenario is for customers to first deploy Project File Analysis to rapidly discover their assets. Using their newly obtained asset inventory as a blueprint, customers can then more easily, effectively, and efficiently deploy Passive Monitoring to extend or support threat detection, segmentation, and other industrial cybersecurity controls across their environment.

By augmenting the asset details provided by Project File Analysis with the behavioral visibility offered by Passive Monitoring, customers can harness Claroty's industrial cybersecurity portfolio solutions to jumpstart network segmentation and other protective controls.

Our Industrial Products that offer Project File Analysis

Claroty xDome

Claroty xDome is a highly flexible, modular, SaaS-based platform that supports all use cases and capabilities across your entire industrial cybersecurity journey.

Claroty CTD

Claroty Continuous Threat Detection (CTD) is a robust industrial cybersecurity platform that supports on-premise deployments without compromise.

Learn about our other Collection Methods

Project File Analysis is just one of the five highly flexible, mix-and-match collection methods we offer our industrial cybersecurity customers. Our others include:

Passive Monitoring

Claroty’s approach to passive monitoring, the most common collection method for industrial asset discovery and anomaly detection, offers continuous visibility with cybersecurity and operational monitoring across OT environments.

Claroty Edge

Claroty Edge is a unique method that uses our patented technology to deliver easy and non-disruptive — yet comprehensive — visibility into all types of assets in OT environments in just minutes without any additional hardware or configuration.

Safe Queries

Safe Queries, which are Claroty’s differentiated approach to active scans, send highly targeted queries to segments of the OT environment to identify and enrich the assets present — all with unmatched precision and no risk of disruption.

Ecosystem Enrichment

Claroty’s vast technical ecosystem includes ready-made integrations with CMDB, EDR, and dozens of other tools that extend the value of customers’ existing investments while enhancing the visibility provided by our other collection methods.

Explore Additional Resources

Claroty xDome - Industrial Cyber-Physical Security Platform
Platform Overview

Claroty xDome

Read More
Blog / 8 min read

Extended Internet of Things (XIoT) FAQ

Read More
How to Accelerate OT Industrial Network Segmentation
Blog / 7 min read

How to Accelerate OT Industrial Network Segmentation

Read More
xDome Secure Access Continuous Threat Detection (CTD)

Claroty Demo

Want to see how Claroty will support your entire XIoT cybersecurity journey?

LinkedIn Twitter YouTube Facebook