Merge pull request #187400 from shhazam-ms/Risk-Assessment-and-Attack-vector---Sensor-redesign

Risk Assessment and Attack Vector Reports: sensor redesign

Author: jborsecnik

articles/defender-for-iot/organizations/how-to-create-attack-vector-reports.md

@@ -1,7 +1,7 @@
 ---
 title: Create attack vector reports
 description: Attack vector reports provide a graphical representation of a vulnerability chain of exploitable devices.
-ms.date: 11/09/2021
+ms.date: 02/03/2022
 ms.topic: how-to
 ---
 
@@ -13,26 +13,25 @@ Attack vector reports provide a graphical representation of a vulnerability chai
 
 Working with the attack vector lets you evaluate the effect of mitigation activities in the attack sequence. You can then determine, for example, if a system upgrade disrupts the attacker's path by breaking the attack chain, or if an alternate attack path remains. This information helps you prioritize remediation and mitigation activities.
 
-:::image type="content" source="media/how-to-generate-reports/control-center.png" alt-text="View your alerts in the control center.":::
-
 > [!NOTE]
 > Administrators and security analysts can perform the procedures described in this section.
 
 ## Create an attack vector report
 
-To create an attack vector simulation:
+This section describes how to create Attack Vector reports.
 
-1. Select :::image type="content" source="media/how-to-generate-reports/plus.png" alt-text="Plus sign":::on the side menu to add a Simulation.
+**To create an attack vector simulation:**
 
- :::image type="content" source="media/how-to-generate-reports/vector.png" alt-text="The attack vector simulation.":::
+1. Select **Attack vector** from the sensor side menu. 
+1. Select **Add simulation**.
 
 2. Enter simulation properties:
 
    - **Name**: Simulation name.
 
    - **Maximum vectors**: The maximum number of vectors in a single simulation.
 
-   - **Show in Device map**: Show the attack vector as a filter on the device map.
+   - **Show in Device map**: Show the attack vector as a group in the Device map.
 
    - **All Source devices**: The attack vector will consider all devices as an attack source.
 
@@ -46,19 +45,15 @@ To create an attack vector simulation:
 
    - **Exclude Subnets**: Specified subnets will be excluded from the attack vector simulation.
 
-3. Select **Add Simulation**. The simulation will be added to the simulations list.
-
-   :::image type="content" source="media/how-to-generate-reports/new-simulation.png" alt-text="Add a new simulation.":::
-
-4. Select :::image type="icon" source="media/how-to-generate-reports/edit-a-simulation-icon.png" border="false"::: if you want to edit the simulation.
-
-   Select :::image type="icon" source="media/how-to-generate-reports/delete-simulation-icon.png" border="false"::: if you want to delete the simulation.
-
-   Select :::image type="icon" source="media/how-to-generate-reports/make-a-favorite-icon.png" border="false"::: if you want to mark the simulation as a favorite.
+3. Select **Save**.
+1. Select the report that is saved from the Attack vector page and review:
+    - network attack paths and insights
+    - a risk score
+    - source and target devices
+    -  a graphical representation of attack vectors
 
-5. A list of attack vectors appears and includes vector score (out of 100), attack source device, and attack target device. Select a specific attack for graphical depiction of attack vectors.
+   :::image type="content" source="media/how-to-generate-reports/sample-attack-vectors.png" alt-text="Screen shot of Attack vectors report.":::
 
-   :::image type="content" source="media/how-to-generate-reports/sample-attack-vectors.png" alt-text="Attack vectors.":::
 
 ## See also
 

articles/defender-for-iot/organizations/how-to-create-risk-assessment-reports.md

@@ -1,7 +1,7 @@
 ---
 title: Create risk assessment reports
 description: Gain insight into network risks detected by individual sensors or an aggregate view of risks detected by all sensors.
-ms.date: 11/09/2021
+ms.date: 02/03/2022
 ms.topic: how-to
 ---
 
@@ -50,62 +50,54 @@ Overall network security score is generated in each report. The score represents
 
 Risk Assessment scores are based on information learned from packet inspection, behavioral modeling engines, and a SCADA-specific state machine design.
 
-**Secure Devices** are devices with a security score above 90 %.
+**Secure Devices** are devices with a security score above 90%.
 
-**Devices Needing Improvement**: Devices with a security score between 70 percent and 89 %.
+**Devices Needing Improvement**: Devices with a security score between 70 percent and 89%.
 
-**Vulnerable Devices** are devices with a security score below 70 %.
+**Vulnerable Devices** are devices with a security score below 70%.
 
 ### About backup and anti-virus servers
 
-The risk assessment score may be negatively impacted if you do not define backup and anti-virus server addresses in your sensor. Adding these addresses improves your score. By default these addresses are not defined.
+The risk assessment score may be negatively impacted if you don't define backup and anti-virus server addresses in your sensor. Adding these addresses improves your score. By default these addresses aren't defined.
 The Risk Assessment report cover page will indicate if backup servers and anti-virus servers are not defined.
 
 **To add servers:**
 
 1. Select **System Settings** and then select **System Properties**.
 1. Select **Vulnerability Assessment** and add the addresses to **backup_servers** and **AV_addresses** fields. Use commas to separate multiple addresses.  separated by commas.  
 1. Select **Save**.
-## Create risk assessment reports
-
-Create a PDF risk assessment report. The report name is automatically generated as risk-assessment-report-1.pdf. The number is updated for each new report you create.  The time and day of creation are displayed.
-
-### Create a sensor risk assessment report
 
-Create a risk assessment report based on detections made by the sensor you are logged into.
+## Create risk assessment reports
 
-To create a report:
+Create a risk assessment report based on detections made by the sensor you are logged into. The report name is automatically generated as risk-assessment-report-1.pdf. The number is updated for each new report you create.  The time and day of creation are displayed.
 
-1. Login to the sensor console.
-1. Select **Risk Assessment** on the side menu.
-1. Select **Generate Report**. The report appears in the Archived Reports section.
-1. Select the report from the Archived Reports section to download it.
+**To create a report:**
 
-:::image type="content" source="media/how-to-generate-reports/risk-assessment.png" alt-text="A view of the risk assessment.":::
+1. Sign in to the sensor console.
+1. Select **Risk assessment** on the side menu.
+1. Select **Generate report**. The report appears in the Saved Reports section.
+1. Select the report from the Saved Reports section to download it.
 
-To import a company logo:
+**To import a company logo:**
 
-- Select **Import Logo**.
+1. Select **Import logo**.
+1. Choose a logo to add to the header of your Risk assessment reports.
 
 ### Create an on-premises management console risk assessment report
 
-Create a risk assessment report based on detections made by the any of the sensors managed by your on-premises management console. 
+Create a risk assessment report based on detections made by sensors that are managed by your on-premises management console.
 
-To create a report:
+**To create a report:**
 
 1. Select **Risk Assessment** on the side menu.
-
 2. Select a sensor from the **Select sensor** drop-down list.
-
 3. Select **Generate Report**.
-
 4. Select **Download** from the **Archived Reports** section.
 
-To import a company logo:
-
-- Select **Import Logo**.
+**To import a company logo:**
 
-:::image type="content" source="media/how-to-generate-reports/import-logo-screenshot.png" alt-text="Import your logo through the risk assessment view.":::
+1. Select **Import logo**.
+1. Choose a logo to add to the header of your Risk assessment reports.
 
 ## See also