Merge pull request #3 from batamig/patch-260

Shereen-Bhar · web-flow · commit 3d6fede62915 · 2022-11-29T10:08:10.000+02:00
suggestion for how to rework this page
diff --git a/articles/defender-for-iot/organizations/how-to-create-risk-assessment-reports.md b/articles/defender-for-iot/organizations/how-to-create-risk-assessment-reports.md
@@ -1,107 +1,101 @@
 ---
-title: Create risk assessment reports
-description: Gain insight into network risks detected by individual sensors or an aggregate view of risks detected by all sensors.
+title: Create risk assessment reports on an OT sensor - Microsoft Defender for IoT
+description: Gain insight into network risks detected by individual Defender for IoT OT sensors or an aggregate view of risks detected by all OT sensors.
 ms.date: 02/03/2022
 ms.topic: how-to
 ---
 
 # Risk assessment reporting
 
-## About risk assessment reports
+Risk assessment reports, generated by Defender for IoT OT network sensors and on-premises management consoles, provide details about security scores, vulnerabilities, and operational issues on detected devices as well as risks coming from imported firewall rules.
 
-Risk assessment reports provide:
+Take action based on the recommendations provided in the risk assesment reports to improve your overall network security score. For example, you might install the latest security or firmware updates, or investigate any PLCs that are currently in unsecure states.
 
-- An overall security score for the devices detected by organizational sensors.
+Each sensor has access to reports generated for that sensor, while the on-premises management console allows you view reports from all connected sensors from the same page. The on-premises management console also supports customizations for the logo that appears in your report.
 
-- A security score for each network device detected by an individual sensor.
+## Prerequisites
 
-- A breakdown of the number of vulnerable devices, devices that need improvement and secure devices.
+- You must be an **Admin** user to import firewall rules to an OT sensor or add backup and anti-virus server addresses. <!--need to check this-->.
 
-- Data about firewall rule risk. Defender for IoT [imports firewall rules](how-to-set-up-your-network.md#import-firewall-rules) from supported vendors and analyzes them. The Risk Assessment report highlights if a rule is not secure, or if there's a mismatch between the rule and the monitored network. For example:
+- You must be an **Admin** or **Security Analyst** user to create or view risk assesment reports on the OT sensor or on-premises management console.
 
-    :::image type="content" source="media/how-to-create-risk-assessment-reports/weak-firewall-rule.png" alt-text="Screenshot of a weak firewall rule that appears in a risk assessment report." lightbox="media/how-to-create-risk-assessment-reports/weak-firewall-rule.png":::
+## Import firewall rules to a OT sensor
 
--  Insight into security and operational issues:
+<!--put the firewall rules procedure here-->
 
-    - Configuration issues
+## Add backup and anti-virus server addresses to your sensor
 
-    - Device vulnerability prioritized by security level
+Backup and anti-virus servers are not defined on your sensor by default. We recommend defining these addresses on your sensor to keep your network risk assesment low.
 
-    - Network security issues
+**To add backup and anti-virus server addresses**:
 
-    - Network operational issues
+1. Sign into your OT sensor and select **System Settings** > **System Properties** > **Vulnerability Assessment**.
+1. Add your backup and anti-virus server addresses to the **backup_servers** and **AV_addresses** fields, respectively. Use commas to separate multiple addresses.
+1. Select **Save** to save your changes.
 
-    - Connections to ICS networks
+## Create and view risk assessment reports for a specific sensor
 
-    - Internet connections
+Use an individual OT sensor to view reports generated for that sensor only.
 
-    - Industrial malware indicators
+**To generate a report**: 
 
-    - Protocol issues
+1. Sign in to the sensor console and select **Risk assesment** > **Generate report**. The report is generated and appears in the **Reports list**, along with the timestamp and report size.
 
-    - Attack vectors
+    Reports are automatically named `risk-assesment-report-<integer>`, where the `<integer>` is incremented automatically.
 
-### Risk mitigation
+1. Select the report name to download it and open it in your browser.
 
-Reports provide recommendations to help you improve your security score. For example:
-- Install the latest security updates.
-- Upgrade firmware to the latest version.
-- Investigate PLCs in unsecure states.
+## Create and view risk assesment reports for multiple sensors
 
-## About security scores
+Use an on-premises management console to create and view risk assesment reports for all connected sensors, or to customize your report logo.
 
-Overall network security score is generated in each report. The score represents the percentage of 100 percent security. For example, a score of 30% would indicate that your network 30% secure.
+**To generate a report**:
 
-Risk Assessment scores are based on information learned from packet inspection, behavioral modeling engines, and a SCADA-specific state machine design.
+1. Sign in to your on-premises management console and select **Risk assesment**.
 
-**Secure Devices** are devices with a security score above 90%.
+1. To customize the logo that appears on your report, select **Import logo**. Browse to and select the logo file you want to use.
 
-**Devices Needing Improvement**: Devices with a security score between 70 percent and 89%.
+1. From the **Select Sensor** drop-down menu, select the sensor for which you want to generate the report, and then select **Generate Report**.
 
-**Vulnerable Devices** are devices with a security score below 70%.
+    A new report is listed in the **Archived Reports** area, listed by the time and date it was created, and showing the security score and report size.
+    
+1. Select **Download** to download a report and open it in your browser.
 
-### About backup and anti-virus servers
+## Risk assesment report contents
 
-The risk assessment score may be negatively impacted if you don't define backup and anti-virus server addresses in your sensor. Adding these addresses improves your score. By default these addresses aren't defined.
-The Risk Assessment report cover page will indicate if backup servers and anti-virus servers are not defined.
+Risk assessment reports include the following details:
 
-**To add servers:**
+- An overall security score for all detected devices, and a security score for each individual device.
 
-1. Select **System Settings** and then select **System Properties**.
-1. Select **Vulnerability Assessment** and add the addresses to **backup_servers** and **AV_addresses** fields. Use commas to separate multiple addresses.  separated by commas.  
-1. Select **Save**.
+    Security scores are based on data learned from packet inspection, behavioral modeling engines, and a SCADA-specific state machine design, and are categorized as follows:
 
-## Create risk assessment reports
+    - **Secure Devices** are devices with a security score above 90%.
 
-Create a risk assessment report based on detections made by the sensor you are logged into. The report name is automatically generated as risk-assessment-report-1.pdf. The number is updated for each new report you create.  The time and day of creation are displayed.
+    - **Devices Needing Improvement**: Devices with a security score between 70 percent and 89%.
 
-**To create a report:**
+    - **Vulnerable Devices** are devices with a security score below 70%.
 
-1. Sign in to the sensor console.
-1. Select **Risk assessment** on the side menu.
-1. Select **Generate report**. The report appears in the Saved Reports section.
-1. Select the report from the Saved Reports section to download it.
+- Insight into any of the following security and operational issues: <!--im not really even sure how much this list is helpful. it doesn't really tell me much.-->
 
-**To import a company logo:**
+    :::row:::
+        :::column span="":::
+        - Configuration issues
+        - Device vulnerability, prioritzed by security level
+        - Network security issues
+        - Network operational issues
+        :::column-end:::
+        :::column span="":::
+        - Connections to ICS networks
+        - Internet connections
+        - Industrial malware indicators
+        - Protocol issues
+        - Attack vectors
+        :::column-end:::
+    :::row-end:::
 
-1. Select **Import logo**.
-1. Choose a logo to add to the header of your Risk assessment reports.
+If you've imported firewall data to your sensor, the risk assessment reports also include data about firewall rule risk, based on the imported rules. The Risk Assessment report highlights if a rule is not secure, or if there's a mismatch between the rule and the monitored network.
 
-### Create an on-premises management console risk assessment report
-
-Create a risk assessment report based on detections made by sensors that are managed by your on-premises management console.
-
-**To create a report:**
-
-1. Select **Risk Assessment** on the side menu.
-2. Select a sensor from the **Select sensor** drop-down list.
-3. Select **Generate Report**.
-4. Select **Download** from the **Archived Reports** section.
-
-**To import a company logo:**
-
-1. Select **Import logo**.
-1. Choose a logo to add to the header of your Risk assessment reports.
+<!--i don't really think that this screenshot is helpful out of context. we don't show screenshots for any other part of the report.-->
 
 ## Next steps
 
