The widespread adoption of internet-connected and remotely controllable solar plants and energy storage systems renders coordinated cyber–physical attacks against distributed energy resources (DERs) an emerging risk for power systems. Effective incident response can be facilitated by online DER monitoring that provides real-time information on event root causes and physical impacts. Such online event identification is challenged by the lack of historical attack observations and the emergence of new attack strategies. The Cyber-Physical Event Reasoning System (CyPhERS) provides real-time information on both known and unknown attack types in the form of informative and interpretable event signatures, without needing to be trained on historical attack samples. To date, CyPhERS has only been demonstrated on a laboratory water distribution testbed of limited complexity, with event signatures evaluated by humans. This work methodologically adapts CyPhERS to the specificities of DER operation, such as weather and consumer-induced volatility, and introduces an automated signature evaluation system. The feasibility of applying CyPhERS for automated DER monitoring is investigated on a dataset recorded from a real photovoltaic-battery system targeted by several cyber and cyber–physical attack types. The results demonstrate that the proposed methodological adaptations and signature evaluation system enable the application of CyPhERS for automated online identification of different attack types targeting DERs, while greatly reducing the false positive rate.