This document discusses continuous monitoring of industrial networks to detect problems. It describes what aspects of the network should be monitored, including servers, operating systems, processes, protocols, and controllers. It outlines how a test monitoring environment was prepared with a PLC, simulator, monitoring server, and traffic sniffer. Several attacks were performed, like DoS, ARP poisoning, malware infection. The results of monitoring detected these attacks by observing unusual traffic and system behaviors. The conclusion is that establishing a baseline and configuring triggers can help detect anomalies indicating network compromise.