|**Yokogawa**| Centum ODEQ (Centum / ProSafe DCS)<br> HIS Equalize<br> FA-M3<br> Vnet/IP |
49
49
@@ -70,7 +70,7 @@ Enterprise IoT network sensors can detect the following protocols when identifyi
70
70
71
71
Asset vendors, partners, or platform owners can use Defender for IoT's Horizon Protocol SDK to secure any OT protocol used in IoT and ICS environments that's not isn't already supported by default.
72
72
73
-
Horizon helps you to write plugins for OT sensors that enable Deep Packet Inspection (DPI) on the traffic and detect threats in realtime. Customize your plugins localize and customize text for alerts, events, and protocol parameters.
73
+
Horizon helps you to write plugins for OT sensors that enable Deep Packet Inspection (DPI) on the traffic and detect threats in real-time. Customize your plugins localize and customize text for alerts, events, and protocol parameters.
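Review bot: The reworded Horizon paragraph at new line 73 still contains a broken sentence, "Customize your plugins localize and customize text for alerts, events, and protocol parameters", and "in real-time" should be "in real time" when used adverbially. The unchanged line 71 directly above also reads "that's not isn't already supported by default". Since this commit is a wording pass over the same paragraph, fix both, for example "that isn't already supported by default" and "Customize your plugins to localize text for alerts, events, and protocol parameters".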
articles/defender-for-iot/organizations/detect-windows-endpoints-script.md
+27 -12 (27 additions & 12 deletions)
@@ -20,7 +20,7 @@ The script described in this article returns the following details about each de
20
20
- Installed programs
21
21
- Last knowledge base update
22
22
23
-
If an OT network sensor has already learned the device, running the script outlined in this article retrieves the device's information and enrichment data.
23
+
If an OT network sensor has already detected the device, running the script outlined in this article retrieves the device's information and enrichment data.
24
24
25
25
## Prerequisites
26
26
@@ -43,15 +43,17 @@ The script described in this article is supported for the following Windows oper
43
43
- Windows 10
44
44
- Windows Server 2003/2008/2012/2016/2019
45
45
46
-
## Run the script
46
+
## Download and run the script
47
47
48
-
This procedure describes how to obtain, deploy, and run the script on the Windows workstation and servers that you want to monitor in Defender for IoT.
48
+
This procedure describes how to deploy and run a script on the Windows workstation and servers that you want to monitor in Defender for IoT.
49
49
50
-
The script you run to detect enriched Windows datais run as a utility and not as an installed program. Running the script doesn't affect the endpoint.
50
+
The script detects enriched Windows data, and is run as a utility and not an installed program. Running the script doesn't affect the endpoint. You may want to deploy the script once, or using ongoing automation, using standard automated deployment methods and tools.
51
51
52
-
1. To acquire the script, [contact customer support](mailto:support.microsoft.com).
52
+
1. Sign into your OT sensor console, and select **System Settings** > **Import Settings** > **Windows Information**.
53
+
54
+
1. Select **Download script**. For example:
53
55
54
-
1. Deploy the script once, or using ongoing automation, using standard automated deployment methods and tools.
56
+
:::image type="content" source="media/detect-windows-endpoints-script/download-wmi-script.png" alt-text="Screenshot of where to download WMI script." lightbox="media/detect-windows-endpoints-script/download-wmi-script.png":::
55
57
56
58
1. Copy the script to a local drive and unzip it. The following files appear:
57
59
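Review bot: The heading at new line 46 now reads "Download and run the script", but the intro at line 48 drops "obtain" and says only "deploy and run a script", so the intro no longer matches the heading or the new download steps at lines 52 to 54. In line 50, "deploy the script once, or using ongoing automation, using standard automated deployment methods and tools" repeats "using" and is hard to parse; the removed numbered step stated the same thing more directly, and phrasing it as "You may want to" weakens what used to be an instruction. "Sign into" at line 52 should be "Sign in to".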
@@ -62,17 +64,17 @@ The script you run to detect enriched Windows data is run as a utility and not a
62
64
63
65
1. Run the `run.bat` file.
64
66
65
-
After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the system name, date, and time of the snapshot with the following syntax: `CX-snaphot_SystemName_Month_Year_Time`
67
+
After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
66
68
67
-
Files generated by the script:
69
+
Files generated by the script include:
68
70
69
71
- Remain on the local drive until you delete them.
70
72
- Must remain in the same location. Don't separate the generated files.
71
73
- Are overwritten if you run the script again.
72
74
73
75
## Import device details
74
76
75
-
After having run the script as described [earlier](#run-the-script), import the generated data to your sensor to view the device details in the **Device inventory**.
77
+
After having run the script as described [earlier](#download-and-run-the-script), import the generated data to your sensor to view the device details in the **Device inventory**.
76
78
77
79
**To import device details to your sensor**:
78
80
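Review bot: The new filename syntax at line 67, `cx_snapshot_[machinename]_[current date time]`, uses lowercase and underscores, while the same sentence still calls the output a "CX-snapshot file"; pick one spelling so readers can match the text to the file on disk. At line 69, changing the lead-in to "Files generated by the script include:" breaks the list that follows, because the bullets are predicates ("Remain on the local drive...", "Are overwritten..."); the original "Files generated by the script:" read correctly. The anchor rename to `#download-and-run-the-script` at line 77 matches the new heading, but other articles that link to the old `#run-the-script` anchor need the same update.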
@@ -84,11 +86,24 @@ After having run the script as described [earlier](#run-the-script), import the
84
86
85
87
1. Select **Import File**, and then select all the files (Ctrl+A).
86
88
87
-
1. Select **Close**. The device registry information is imported and a successful confirmation message is shown.
89
+
:::image type="content" source="media/detect-windows-endpoints-script/import-wmi-script.png" alt-text="Screenshot of where to import WMI script." lightbox="media/detect-windows-endpoints-script/import-wmi-script.png":::
90
+
91
+
## View devices applications report
92
+
93
+
After [downloading and running](#download-and-run-the-script) the script, then [importing](#import-device-details) the generated data to your sensor, you can view your devices applications with a custom data mining report.
94
+
95
+
**To view the devices applications:**
88
96
89
-
If there's a problem uploading one of the files, you'll be informed which file upload failed.
97
+
1. Sign into your OT sensor console, and select **Data mining**.
98
+
99
+
1. Select **+ Create report** to [create a custom report](how-to-create-data-mining-queries.md#create-an-ot-sensor-custom-data-mining-report). In the **Choose Category** field, select **Devices Applications**. For example:
1. Your devices applications report is shown in the **My reports** area.
104
+
105
+
Based on this information, the Windows device installed applications CVE list will be displayed in Azure if the sensor is cloud-connected.
90
106
91
107
## Next steps
92
108
93
109
For more information, see [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md) and [Import extra data for detected OT devices](how-to-import-device-information.md).
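Review bot: This hunk deletes the last import step, "Select **Close**", together with the sentence saying the user is told which file upload failed, so the import procedure now ends on a screenshot with no statement of how success or failure is reported. Keep a closing step or a sentence about the confirmation and failure messages if the UI still shows them. In the new section, "devices applications" (heading at line 91 and lines 93 to 95) reads better as "device applications" unless it is the exact UI label, "Sign into" at line 97 should be "Sign in to", and line 105 should name where in Azure the CVE list appears. The unchanged Next steps line links to detect-windows-endpoints-script.md, which is this same article.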
articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md
+3 -3 (3 additions & 3 deletions)
@@ -143,9 +143,9 @@ The following procedures describe how to deploy updated SSL/TLS certificates, su
143
143
144
144
If an upload fails, contact your security or IT administrator. For more information, see [SSL/TLS certificate requirements for on-premises resources](best-practices/certificate-requirements.md) and [Create SSL/TLS certificates for OT appliances](ot-deploy/create-ssl-certificates.md).
145
145
146
-
1. In the **Validation for on-premises management console certificates** area, select **Required** if SSL/TLS certificate validation is required. Otherwise, select **None**.
146
+
1. In the **Validation of on-premises management console certificate** area, select **Mandatory** if SSL/TLS certificate validation is required. Otherwise, select **None**.
147
147
148
-
If you've selected **Required** and validation fails, communication between relevant components is halted, and a validation error is shown on the sensor. For more information, see [CRT file requirements](best-practices/certificate-requirements.md#crt-file-requirements).
148
+
If you've selected **Mandatory** and validation fails, communication between relevant components is halted, and a validation error is shown on the sensor. For more information, see [CRT file requirements](best-practices/certificate-requirements.md#crt-file-requirements).
149
149
150
150
1. Select **Save** to save your certificate settings.
151
151
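Review bot: The step at line 146 tells the reader to select **None** "otherwise" but never says what **None** means for validation; the follow-up at line 148 describes only the **Mandatory** failure case. Add one sentence stating explicitly what happens to certificate validation when **None** is selected, so the reader understands the trade-off before choosing it. Also confirm that the renamed area title "Validation of on-premises management console certificate" and the option **Mandatory** match the UI labels exactly, since the same strings are repeated at line 180.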
@@ -177,7 +177,7 @@ When you're done, use the following procedures to validate your certificate file
177
177
178
178
1. Select the **Confirm** option to confirm the warning.
179
179
180
-
1. In the **Validation for on-premises management console certificates** area, select **Required** if SSL/TLS certificate validation is required. Otherwise, select **None**.
180
+
1. In the **Validation of on-premises management console certificate** area, select **Mandatory** if SSL/TLS certificate validation is required. Otherwise, select **None**.
181
181
182
182
If this option is toggled on and validation fails, communication between relevant components is halted, and a validation error is shown on the sensor. For more information, see [CRT file requirements](best-practices/certificate-requirements.md#crt-file-requirements).
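Review bot: The unchanged sentence at line 182 still says "If this option is toggled on", which does not fit a step that asks the reader to choose between **Mandatory** and **None**. The parallel paragraph at line 148 of this file reads "If you've selected **Mandatory** and validation fails"; use the same wording here so both procedures describe the setting the same way.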
articles/defender-for-iot/organizations/how-to-work-with-the-sensor-device-map.md
+7 -14 (7 additions & 14 deletions)
@@ -31,7 +31,7 @@ To view devices across multiple sensors in a zone, you'll also need an on-premis
31
31
- Starred devices are those that had been marked as important
32
32
- Devices with no alerts are shown in black, or grey in the zoomed-in connections view
33
33
34
-
For example:
34
+
For example:
35
35
36
36
:::image type="content" source="media/how-to-work-with-maps/device-map-default.png" alt-text="Screenshot of a default view of an OT sensor's device map." lightbox="media/how-to-work-with-maps/device-map-default.png":::
37
37
@@ -45,7 +45,7 @@ To view devices across multiple sensors in a zone, you'll also need an on-premis
45
45
- The number of devices grouped in a subnet in an IT network, if relevant. This number of devices is shown in a black circle.
46
46
- Whether the device is newly detected or unauthorized.
47
47
48
-
1. Right-click a specific device and select **View properties** to drill down further to the **Map View** tab on the device's [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory).
48
+
1. Right-click a specific device and select **View properties** to drill down further to the **Map View** tab on the device's [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory).
49
49
50
50
### Modify the OT sensor map display
51
51
@@ -73,7 +73,6 @@ To see device details, select a device and expand the device details pane on the
73
73
- Select **Event Timeline** to jump to the device's [event timeline](how-to-track-sensor-activity.md)
74
74
- Select **Device Details** to jump to a full [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory).
75
75
76
-
77
76
### View IT subnets from an OT sensor device map
78
77
79
78
By default, IT devices are automatically aggregated by [subnet](how-to-control-what-traffic-is-monitored.md#define-ot-and-iot-subnets), so that the map focuses on your local OT and IoT networks.
@@ -94,7 +93,6 @@ By default, IT devices are automatically aggregated by [subnet](how-to-control-w
94
93
1. Sign into your OT sensor and select **Device map**.
95
94
1. Select one or more expanded subnets and then select **Collapse All**.
96
95
97
-
98
96
## Create a custom device group
99
97
100
98
In addition to OT sensor's [built-in device groups](#built-in-device-map-groups), create new custom groups as needed to use when highlighting or filtering devices on the map.
@@ -103,7 +101,7 @@ In addition to OT sensor's [built-in device groups](#built-in-device-map-groups)
103
101
104
102
1. In the **Add custom group** pane:
105
103
106
-
- In the **Name** field, enter a meaningful name for your group, with up to 30 characters.
104
+
- In the **Name** field, enter a meaningful name for your group, with up to 30 characters.
107
105
- From the **Copy from groups** menu, select any groups you want to copy devices from.
108
106
- From the **Devices** menu, select any extra devices to add to your group.
109
107
@@ -113,12 +111,11 @@ Use one of the following options to import and export device data:
113
111
114
112
-**Import Devices**. Select to import devices from a pre-configured .CSV file.
115
113
-**Export Devices**. Select to export all currently displayed devices, with full details, to a .CSV file.
116
-
-**Export Device Summary**. Select to export a high level summary of all currently displayed devices to a .CSV file.
117
-
114
+
-**Export Device Summary**. Select to export a high level summary of all currently displayed devices to a .CSV file.
118
115
119
116
## Edit devices
120
117
121
-
1. Sign into an OT sensor and select **Device map**.
118
+
1. Sign into an OT sensor and select **Device map**.
122
119
123
120
1. Right-click a device to open the device options menu, and then select any of the following options:
124
121
@@ -142,13 +139,12 @@ You can only merge [authorized devices](device-inventory.md#unauthorized-devices
142
139
143
140
> [!IMPORTANT]
144
141
> You can't undo a device merge. If you mistakenly merged two devices, delete the devices and then wait for the sensor to rediscover both.
145
-
>
146
142
147
143
**To merge multiple devices**:
148
144
149
145
1. Sign into your OT sensor and select **Device map**.
150
146
151
-
1. Select the authorized devices you want to merge by using the SHIFT key to select more than one device, and then right-click and select **Merge**.
147
+
1. Select the authorized devices you want to merge by using the SHIFT key to select more than one device, and then right-click and select **Merge**.
152
148
153
149
1. At the prompt, select **Confirm** to confirm that you want to merge the devices.
154
150
@@ -189,7 +185,6 @@ You may have situations where you'd want to handle multiple notifications togeth
189
185
190
186
When you handle multiple notifications together, you may still have remaining notifications that need to be handled manually, such as for new IP addresses or no subnets detected.
191
187
192
-
193
188
### Device notification responses
194
189
195
190
The following table lists available responses for each notification, and when we recommend using each one:
@@ -198,7 +193,7 @@ The following table lists available responses for each notification, and when we
198
193
|--|--|--|--|
199
194
|**New IP detected**| A new IP address is associated with the device. This may occur in the following scenarios: <br><br>- A new or additional IP address was associated with a device already detected, with an existing MAC address.<br><br> - A new IP address was detected for a device that's using a NetBIOS name. <br /><br /> - An IP address was detected as the management interface for a device associated with a MAC address. <br /><br /> - A new IP address was detected for a device that's using a virtual IP address. | - **Set Additional IP to Device**: Merge the devices <br />- **Replace Existing IP**: Replaces any existing IP address with the new address <br /> - **Dismiss**: Remove the notification. |**Dismiss**|
200
195
|**No subnets configured**| No subnets are currently configured in your network. <br /><br /> We recommend configuring subnets for the ability to differentiate between OT and IT devices on the map. | - **Open Subnet Configuration** and [configure subnets](how-to-control-what-traffic-is-monitored.md#define-ot-and-iot-subnets). <br />- **Dismiss**: Remove the notification. |**Dismiss**|
201
-
|**Operating system changes**| One or more new operating systems have been associated with the device. | - Select the name of the new OS that you want to associate with the device.<br /> - **Dismiss**: Remove the notification. |No automatic handling|
196
+
|**Operating system changes**| One or more new operating systems have been associated with the device. | - Select the name of the new OS that you want to associate with the device.<br /> - **Dismiss**: Remove the notification. | Set with new operating system only if not already configured manually. <br><br>If the operating system has already been configured: **Dismiss**. |
202
197
|**New subnets**| New subnets were discovered. |- **Learn**: Automatically add the subnet.<br />- **Open Subnet Configuration**: Add all missing subnet information.<br />- **Dismiss**: <br />Remove the notification. |**Dismiss**|
203
198
|**Device type changes**| A new device type has been associated with the device. | - **Set as {…}**: Associate the new type with the device.<br />- **Dismiss**: Remove the notification. |No automatic handling|
204
199
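Review bot: The new "Operating system changes" cell at line 196 is inconsistent about its condition: the first sentence says "only if not already configured manually", while the second says "If the operating system has already been configured", without "manually". State whether an operating system value that was not set manually counts as configured, and use the same condition in both sentences. The cell also uses `<br><br>` where the rest of this row uses `<br />`, and "Set with new operating system" does not name which response from the third column is applied automatically.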
@@ -233,7 +228,6 @@ On the on-premises management console, zone maps show all network elements relat
233
228
234
229
1. Right-click a device shown in red and select **View alerts** to jump to the **Alerts page**, with alerts filtered only for the selected device.
235
230
236
-
237
231
## Built-in device map groups
238
232
239
233
The following table lists the device groups available out-of-the-box on the OT sensor **Device map** page. [Create extra, custom groups](#create-a-custom-device-group) as needed for your organization.
@@ -257,4 +251,3 @@ The following table lists the device groups available out-of-the-box on the OT s
257
251
## Next steps
258
252
259
253
For more information, see [Investigate sensor detections in a Device Inventory](how-to-investigate-sensor-detections-in-a-device-inventory.md).