I appreciate the active coding, deep inspection of packages, and data retrieval. The tool covers information about assets and attack vectors, which I find superior to other tools. Based on alerts, I create reports detailing how an attacker can penetrate the plant, both externally and internally.
Initially, I felt the Claroty Platform wasn't up to the mark for vulnerability management, but recent upgrades have been very helpful. The new features provide more detailed information, including CVE numbers and thorough explanations, such as for MS17-010 (WannaCry). This level of detail meets my expectations and allows me to determine how much of the plant's assets and devices would be compromised if a vulnerability is exploited. This information is crucial for reporting to the CISO.
I've reported four bugs and three feature requests so far. The main area of focus should be on how attacks are detected. The attack vector information needs to be more detailed. For example, it's not enough to state that an open SMB v1 version can lead to a WannaCry attack. A more detailed explanation should help clients understand the various ways an attack could occur.