Merge pull request #88239 from mlottner/asc-for-iot-master

video updates 9_12

Author: v-albemi

articles/asc-for-iot/concept-pricing.md

@@ -63,9 +63,10 @@ The following table provides a summary of associated costs and implications of e
 | **Log Analytics storage** |  |
 | Device recommendation and alerts| Security recommendation and alerts generated by the service | Not optional |
 | Raw security data| Raw security data from IoT devices, collected by security agents | Disable _store raw device security events_ |
+|
 
 >[!Important]
-> Opting out has severe implications to available security features.
+> Opting out has severe implications to Azure Security Center for IoT security feature availability. 
   
 | Opt out | Implications |
 | --- | --- |

articles/asc-for-iot/concept-security-alerts.md

@@ -81,8 +81,8 @@ For more details, see [Create custom alerts](quickstart-create-custom-alerts.md)
 | Medium   | Certificate deleted from an IoT Hub                                    | A certificate named \'%{DescCertificateName}\' was deleted from IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate a malicious activity.| 1. Make sure the certificate was removed by an authorized party. <br> 2. If the certificate was not removed by an authorized party, add the certificate back, and escalate the alert to the organizational security team. |
 | Medium   | Unsuccessful attempt detected to add a certificate to an IoT Hub     | There was an unsuccessful attempt to add certificate \'%{DescCertificateName}\' to IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate malicious activity.|   Make sure permissions to change certificates are only granted to authorized parties.  |
 | Medium   | Unsuccessful attempt detected to delete a certificate from an IoT Hub | There was an unsuccessful attempt to delete certificate \'%{DescCertificateName}\' from IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate malicious activity. |Make sure permissions to change certificates are only granted to an authorized party.
-| Low      | Attempt to add or edit a diagnostic setting of an IoT Hub detected    | Attempt to add or edit the diagnostic settings of an IoT Hub has been detected. Diagnostic settings enable you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate malicious activity.  |
-| Low      | Attempt to delete a diagnostic setting from an IoT Hub detected       | There was %{DescAttemptStatusMessage}\' attempt to add or edit diagnostic setting \'%{DescDiagnosticSettingName}\' of IoT Hub \'%{DescIoTHubName}\'. Diagnostic setting enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate a malicious activity. |1. Make sure the certificate was removed by an authorized party.<br> 2. If the certificate was not removed by an authorized party, add the certificate back and escalate the alert to your information security team.
+| Low      | Attempt to add or edit a diagnostic setting of an IoT Hub detected    | Attempt to add or edit the diagnostic settings of an IoT Hub has been detected. Diagnostic settings enable you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate malicious activity.  |1. Make sure the certificate was removed by an authorized party.<br> 2. If the certificate was not removed by an authorized party, add the certificate back and escalate the alert to your information security team.
+| Low      | Attempt to delete a diagnostic setting from an IoT Hub detected       | There was %{DescAttemptStatusMessage}\' attempt to add or edit diagnostic setting \'%{DescDiagnosticSettingName}\' of IoT Hub \'%{DescIoTHubName}\'. Diagnostic setting enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate a malicious activity. |Make sure permissions to change diagnostics settings are granted only to an authorized party.
 |
 
 ## Next steps

articles/asc-for-iot/event-aggregation.md

@@ -56,6 +56,7 @@ After analysis, Azure Security Center for IoT creates security alerts for suspic
 
 Aggregation start time, end time and hit count for each event are logged in the event **ExtraDetails** field within Log Analytics for use during investigations. 
 
+Each aggregated event represents a 24 hour period of collected alerts. Using the event options menu on the upper left of each event, you can **dismiss** each individual aggregated event.    
 
 ## Event aggregation twin configuration
 Make changes to the configuration of Azure Security Center for IoT event aggregation inside the [agent configuration object](how-to-agent-configuration.md) of the module twin identity of the **azureiotsecurity** module.

articles/asc-for-iot/how-to-agent-configuration.md

@@ -84,28 +84,28 @@ To use a default property value, remove the property from the configuration obje
 
 1. In your IoT Hub, locate and select the device you wish to change.
 
-2. Click on your device, and then on **azureiotsecurity** module.
+1. Click on your device, and then on **azureiotsecurity** module.
 
-3. Click on **Module Identity Twin**.
+1. Click on **Module Identity Twin**.
 
-4. Edit the properties you wish to change in the security module.
+1. Edit the properties you wish to change in the security module.
 
    For example, to configure connection events as high priority and collect high priority events every 7 minutes, use the following configuration.
 
-   ```json
+    ```json
     "desired": {
-      "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
-        "highPriorityMessageFrequency": {
-          "value" : "PT7M"
-        },    
-        "eventPriorityConnectionCreate": {
-          "value" : "High" 
-        }
-      } 
-    }, 
+    	"ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
+    		"highPriorityMessageFrequency": {
+    			"value": "PT7M"
+    		},
+    		"eventPriorityConnectionCreate": {
+    			"value": "High"
+    		}
+    	}
+    }
     ```
 
-5. Click **Save**.
+1. Click **Save**.
 
 ### Using a default value
 

articles/asc-for-iot/how-to-deploy-agent.md

@@ -77,7 +77,7 @@ Answer the following questions about your IoT devices to select the correct agen
 
 - Are you using a Linux distribution with x64 architecture?
 
-    You can use either agent flavor. <br>
+    Both agent flavors can be used. <br>
     [Deploy a C-based security agent for Linux](how-to-deploy-linux-c.md) and/or 
     [Deploy a C#-based security agent for Linux](how-to-deploy-linux-cs.md).
 
@@ -97,7 +97,7 @@ The following list includes all currently supported platforms.
 |C#|Ubuntu 18.04	|x64|
 |C#|Debian 9	|x64|
 |C#|Windows Server 2016|	X64|
-|C#|Windows 10 IoT Core build 17763	|x64|
+|C#|Windows 10 IoT Core, build 17763	|x64|
 |
 
 ## Next steps

articles/asc-for-iot/index.yml

@@ -61,6 +61,11 @@ sections:
       image: 
         src: https://docs.microsoft.com/media/common/i_video.svg
         href: https://youtu.be/pq5uSp9u_x0
+    - title: Microsoft Azure Security Center for IoT - Solution
+      href: https://www.youtube.com/watch?time_continue=5&v=YOqkahQsKek
+      image: 
+        src: https://docs.microsoft.com/media/common/i_video.svg
+        href: https://www.youtube.com/watch?time_continue=5&v=YOqkahQsKek
 - title: Reference
   items:
   - type: list