Skip to content

Commit 166dfc9

Browse files
authored
Merge pull request #88239 from mlottner/asc-for-iot-master
video updates 9_12
2 parents 68940f9 + ff4fa24 commit 166dfc9

File tree

6 files changed

+26
-19
lines changed

6 files changed

+26
-19
lines changed

articles/asc-for-iot/concept-pricing.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,9 +63,10 @@ The following table provides a summary of associated costs and implications of e
6363
| **Log Analytics storage** | |
6464
| Device recommendation and alerts| Security recommendation and alerts generated by the service | Not optional |
6565
| Raw security data| Raw security data from IoT devices, collected by security agents | Disable _store raw device security events_ |
66+
|
6667

6768
>[!Important]
68-
> Opting out has severe implications to available security features.
69+
> Opting out has severe implications to Azure Security Center for IoT security feature availability.
6970
7071
| Opt out | Implications |
7172
| --- | --- |

articles/asc-for-iot/concept-security-alerts.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -81,8 +81,8 @@ For more details, see [Create custom alerts](quickstart-create-custom-alerts.md)
8181
| Medium | Certificate deleted from an IoT Hub | A certificate named \'%{DescCertificateName}\' was deleted from IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate a malicious activity.| 1. Make sure the certificate was removed by an authorized party. <br> 2. If the certificate was not removed by an authorized party, add the certificate back, and escalate the alert to the organizational security team. |
8282
| Medium | Unsuccessful attempt detected to add a certificate to an IoT Hub | There was an unsuccessful attempt to add certificate \'%{DescCertificateName}\' to IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate malicious activity.| Make sure permissions to change certificates are only granted to authorized parties. |
8383
| Medium | Unsuccessful attempt detected to delete a certificate from an IoT Hub | There was an unsuccessful attempt to delete certificate \'%{DescCertificateName}\' from IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate malicious activity. |Make sure permissions to change certificates are only granted to an authorized party.
84-
| Low | Attempt to add or edit a diagnostic setting of an IoT Hub detected | Attempt to add or edit the diagnostic settings of an IoT Hub has been detected. Diagnostic settings enable you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate malicious activity. |
85-
| Low | Attempt to delete a diagnostic setting from an IoT Hub detected | There was %{DescAttemptStatusMessage}\' attempt to add or edit diagnostic setting \'%{DescDiagnosticSettingName}\' of IoT Hub \'%{DescIoTHubName}\'. Diagnostic setting enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate a malicious activity. |1. Make sure the certificate was removed by an authorized party.<br> 2. If the certificate was not removed by an authorized party, add the certificate back and escalate the alert to your information security team.
84+
| Low | Attempt to add or edit a diagnostic setting of an IoT Hub detected | Attempt to add or edit the diagnostic settings of an IoT Hub has been detected. Diagnostic settings enable you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate malicious activity. |1. Make sure the certificate was removed by an authorized party.<br> 2. If the certificate was not removed by an authorized party, add the certificate back and escalate the alert to your information security team.
85+
| Low | Attempt to delete a diagnostic setting from an IoT Hub detected | There was %{DescAttemptStatusMessage}\' attempt to add or edit diagnostic setting \'%{DescDiagnosticSettingName}\' of IoT Hub \'%{DescIoTHubName}\'. Diagnostic setting enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate a malicious activity. |Make sure permissions to change diagnostics settings are granted only to an authorized party.
8686
|
8787

8888
## Next steps

articles/asc-for-iot/event-aggregation.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ After analysis, Azure Security Center for IoT creates security alerts for suspic
5656

5757
Aggregation start time, end time and hit count for each event are logged in the event **ExtraDetails** field within Log Analytics for use during investigations.
5858

59+
Each aggregated event represents a 24 hour period of collected alerts. Using the event options menu on the upper left of each event, you can **dismiss** each individual aggregated event.
5960

6061
## Event aggregation twin configuration
6162
Make changes to the configuration of Azure Security Center for IoT event aggregation inside the [agent configuration object](how-to-agent-configuration.md) of the module twin identity of the **azureiotsecurity** module.

articles/asc-for-iot/how-to-agent-configuration.md

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -84,28 +84,28 @@ To use a default property value, remove the property from the configuration obje
8484

8585
1. In your IoT Hub, locate and select the device you wish to change.
8686

87-
2. Click on your device, and then on **azureiotsecurity** module.
87+
1. Click on your device, and then on **azureiotsecurity** module.
8888

89-
3. Click on **Module Identity Twin**.
89+
1. Click on **Module Identity Twin**.
9090

91-
4. Edit the properties you wish to change in the security module.
91+
1. Edit the properties you wish to change in the security module.
9292

9393
For example, to configure connection events as high priority and collect high priority events every 7 minutes, use the following configuration.
9494

95-
```json
95+
```json
9696
"desired": {
97-
"ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
98-
"highPriorityMessageFrequency": {
99-
"value" : "PT7M"
100-
},
101-
"eventPriorityConnectionCreate": {
102-
"value" : "High"
103-
}
104-
}
105-
},
97+
"ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
98+
"highPriorityMessageFrequency": {
99+
"value": "PT7M"
100+
},
101+
"eventPriorityConnectionCreate": {
102+
"value": "High"
103+
}
104+
}
105+
}
106106
```
107107

108-
5. Click **Save**.
108+
1. Click **Save**.
109109

110110
### Using a default value
111111

articles/asc-for-iot/how-to-deploy-agent.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ Answer the following questions about your IoT devices to select the correct agen
7777

7878
- Are you using a Linux distribution with x64 architecture?
7979

80-
You can use either agent flavor. <br>
80+
Both agent flavors can be used. <br>
8181
[Deploy a C-based security agent for Linux](how-to-deploy-linux-c.md) and/or
8282
[Deploy a C#-based security agent for Linux](how-to-deploy-linux-cs.md).
8383

@@ -97,7 +97,7 @@ The following list includes all currently supported platforms.
9797
|C#|Ubuntu 18.04 |x64|
9898
|C#|Debian 9 |x64|
9999
|C#|Windows Server 2016| X64|
100-
|C#|Windows 10 IoT Core build 17763 |x64|
100+
|C#|Windows 10 IoT Core, build 17763 |x64|
101101
|
102102

103103
## Next steps

articles/asc-for-iot/index.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,11 @@ sections:
6161
image:
6262
src: https://docs.microsoft.com/media/common/i_video.svg
6363
href: https://youtu.be/pq5uSp9u_x0
64+
- title: Microsoft Azure Security Center for IoT - Solution
65+
href: https://www.youtube.com/watch?time_continue=5&v=YOqkahQsKek
66+
image:
67+
src: https://docs.microsoft.com/media/common/i_video.svg
68+
href: https://www.youtube.com/watch?time_continue=5&v=YOqkahQsKek
6469
- title: Reference
6570
items:
6671
- type: list

0 commit comments

Comments
 (0)