The invention discloses a network auditing method and device of an industrial control system, and relates to the technical field of industrial automation control. One specific embodiment of the methodcomprises the following steps: industrial firewall equipment and an industrial control monitoring terminal being used for identifying and alarming, putting the identified alarms into a filter table,receiving each alarm in the filter table by a unified security management platform, and for each alarm, obtaining a total threat value of each alarm according to a threat value list pre-stored in theunified security management platform; and determining the threat level of each alarm based on the acquired total threat value of each alarm, and determining the display of the alarm according to the determined threat level. According to the embodiment, high-risk alarm identification can be carried out on the alarm information generated by violation of the white list rule, a large number of high-risk alarms caused by incomplete white list learning data are avoided, the number of the high-risk alarms is reduced, and a user can process the high-risk alarms conveniently and preferentially.