first patch

Author: Shereen-Bhar

articles/defender-for-iot/organizations/faqs-ot.md

@@ -9,18 +9,19 @@ ms.date: 07/07/2022
 
 This article provides a list of frequently asked questions and answers about OT networks in Defender for IoT.
 
-## Our organization uses proprietary non-standard industrial protocols. Are they supported? 
+## Our organization uses proprietary non-standard industrial protocols. Are they supported?
 
 Microsoft Defender for IoT provides comprehensive protocol support. In addition to embedded protocol support, you can secure IoT and OT devices running proprietary and custom protocols, or protocols that deviate from any standard. Use the Horizon Open Development Environment (ODE) SDK, to create dissector plugins that decode network traffic based on defined protocols. Traffic is analyzed by services to provide complete monitoring, alerting, and reporting. Use Horizon to:
 
 - Expand visibility and control without the need to upgrade to new versions.
-- Secure proprietary information by developing on-site as an external plugin. 
+- Secure proprietary information by developing on-site as an external plugin.
 - Localize text for alerts, events, and protocol parameters.
 
-This unique solution for developing protocols as plugins, doesn't require dedicated developer teams or version releases in order to support a new protocol. Developers, partners, and customers can securely develop protocols and share insights and knowledge using Horizon. 
+This unique solution for developing protocols as plugins, doesn't require dedicated developer teams or version releases in order to support a new protocol. Developers, partners, and customers can securely develop protocols and share insights and knowledge using Horizon.
 
 ## Do I have to purchase hardware appliances from Microsoft partners?
-Microsoft Defender for IoT sensor runs on specific hardware specs as described in the [Hardware Specifications Guide](./how-to-identify-required-appliances.md), customers can purchase certified hardware from Microsoft partners or use the supplied bill of materials  (BOM) and purchase it on their own. 
+
+Microsoft Defender for IoT sensor runs on specific hardware specs as described in the [Hardware Specifications Guide](./how-to-identify-required-appliances.md), customers can purchase certified hardware from Microsoft partners or use the supplied bill of materials  (BOM) and purchase it on their own.
 
 Certified hardware has been tested in our labs for driver stability, packet drops and network sizing.
 
@@ -33,6 +34,7 @@ Yes you can! The Microsoft Defender for IoT platform on-premises solution is dep
 The Microsoft Defender for IoT sensor connects to a SPAN port or network TAP and immediately begins collecting ICS network traffic via passive (agentless) monitoring. It has zero effect on OT networks since it isn’t placed in the data path and doesn’t actively scan OT devices.
 
 For example:
+
 - A single appliance (virtual of physical) can be in the Shop Floor DMZ layer, having all Shop Floor cell traffic routed to this layer.
 - Alternatively, locate small mini-sensors in each Shop Floor cell with either cloud or local management that will reside in the Shop Floor DMZ layer. Another appliance (virtual or physical) can monitor the traffic in the Shop Floor DMZ layer (for SCADA, Historian, or MES).
 
@@ -56,8 +58,7 @@ Change network configuration settings before or after you activate your sensor u
 - **From the sensor UI**: [Update the sensor network configuration](how-to-manage-individual-sensors.md#update-the-sensor-network-configuration)
 - **From the sensor CLI**: [Network configuration](cli-ot-sensor.md#network-configuration)
 
-For more information, see [Activate and set up your sensor](how-to-activate-and-set-up-your-sensor.md) and [Getting started with advanced CLI commands](references-work-with-defender-for-iot-cli-commands.md)
-
+For more information, see [Activate and set up your sensor](how-to-activate-and-set-up-your-sensor.md), [Getting started with advanced CLI commands](references-work-with-defender-for-iot-cli-commands.md), and [CLI command reference from OT network sensors](cli-ot-sensor.md).
 
 ## How do I check the sanity of my deployment
 
@@ -69,4 +70,4 @@ For more information, see [Troubleshoot the sensor and on-premises management co
 
 ## Next steps
 
-- [Tutorial: Get started with Microsoft Defender for IoT for OT security](tutorial-onboarding.md)
+- [Tutorial: Get started with Microsoft Defender for IoT for OT security](tutorial-onboarding.md)

articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md

@@ -311,7 +311,7 @@ Sensor backup files are automatically named through the following format: `<sens
 
 ### Restore sensors
 
-You can restore a sensor from a backup file using the sensor console or the CLI.
+You can restore a sensor from a backup file using the sensor console or the CLI. For more information, see [CLI command reference from OT network sensors](cli-ot-sensor.md).
 
 **To restore from the sensor console:**
 

articles/defender-for-iot/organizations/how-to-troubleshoot-the-sensor-and-on-premises-management-console.md

@@ -53,6 +53,8 @@ System health checks include the following:
 
 Verify that the system is up and running prior to testing the system's sanity.
 
+For more information, see [CLI command reference from OT network sensors](cli-ot-sensor.md).
+
 **To test the system's sanity**:
 
 1. Connect to the CLI with the Linux terminal (for example, PuTTY) and the user *support*.

articles/defender-for-iot/organizations/manage-users-sensor.md

@@ -170,7 +170,7 @@ This procedure descries how to recover privileged access to a sensor, for the *c
 
 Use the OT sensor's CLI access to define the number of maximum failed sign-ins before an OT sensor will prevent the user from signing in again from the same IP address.
 
-For more information, see [Defender for IoT CLI users and access](references-work-with-defender-for-iot-cli-commands.md).
+For more information, see [Defender for IoT CLI users and access](references-work-with-defender-for-iot-cli-commands.md) and [CLI command reference from OT network sensors](cli-ot-sensor.md).
 
 **Prerequisites**: This procedure is available for the *cyberx* user only.
 
@@ -186,7 +186,7 @@ For more information, see [Defender for IoT CLI users and access](references-wor
 
 ## Control user session timeouts
 
-By default, on-premises users are signed out of their sessions after 30 minutes of inactivity. Admin users can use the local CLI access to either turn this feature on or off, or to adjust the inactivity thresholds. For more information, see [Defender for IoT CLI users and access](references-work-with-defender-for-iot-cli-commands.md).
+By default, on-premises users are signed out of their sessions after 30 minutes of inactivity. Admin users can use the local CLI access to either turn this feature on or off, or to adjust the inactivity thresholds. For more information, see [Defender for IoT CLI users and access](references-work-with-defender-for-iot-cli-commands.md) and [CLI command reference from OT network sensors](cli-ot-sensor.md).
 
 > [!NOTE]
 > Any changes made to user session timeouts are reset to defaults when you [update the OT monitoring software](update-ot-software.md).

articles/defender-for-iot/organizations/ot-deploy/post-install-validation-ot-software.md

@@ -11,6 +11,8 @@ After you've installed OT software on your [OT sensors](install-software-ot-sens
 
 System health validations are supported via the sensor or on-premises management console UI or CLI, and are available for both the *support* and *cyberx* users.
 
+For more information, see [CLI command reference from OT network sensors](cli-ot-sensor.md).
+
 ## General tests
 
 After installing OT monitoring software, make sure to run the following tests:

articles/defender-for-iot/organizations/references-work-with-defender-for-iot-cli-commands.md

@@ -93,7 +93,6 @@ The following tables list the activities available by CLI and the privileged use
 |Alert functionality testing     |  *cyberx*       |   [Trigger a test alert](cli-ot-sensor.md#trigger-a-test-alert)      |
 | Alert exclusion rules | *support*, *cyberx* | [Show current alert exclusion rules](cli-ot-sensor.md#show-current-alert-exclusion-rules) <br>[Create a new alert exclusion rule](cli-ot-sensor.md#create-a-new-alert-exclusion-rule)<br>[Modify an alert exclusion rule](cli-ot-sensor.md#modify-an-alert-exclusion-rule)<br>[Delete an alert exclusion rule](cli-ot-sensor.md#delete-an-alert-exclusion-rule)
 
-
 ## Defender for IoT CLI access
 
 To access the Defender for IoT CLI, sign in to your OT or Enterprise IoT sensor or your on-premises management console using a terminal emulator and SSH.
@@ -116,7 +115,6 @@ To sign out manually on an OT sensor or on-premises management console, run one
 |**cyberx**     |  `cyberx-xsense-logout`       |
 |**cyberx_host**     |   `logout`      |
 
-
 ## Next steps
 
 > [!div class="nextstepaction"]
@@ -125,5 +123,4 @@ To sign out manually on an OT sensor or on-premises management console, run one
 > [!div class="nextstepaction"]
 > [On-premises users and roles for OT monitoring](roles-on-premises.md)
 
-
 You can also control and monitor your cloud connected sensors from the Defender for IoT **Sites and sensors** page. For more information, see [Manage sensors with Defender for IoT in the Azure portal](../how-to-manage-sensors-on-the-cloud.md).

articles/defender-for-iot/organizations/release-notes.md

@@ -35,7 +35,6 @@ For more information, see [Update Defender for IoT OT monitoring software](updat
 
 Cloud features may be dependent on a specific sensor version. Such features are listed below for the relevant software versions, and are only available for data coming from sensors that have the required version installed, or higher.
 
-
 | Version / Patch |  Release date | Scope     | Supported until |
 | ------- |  ------------ | ----------- | ------------------- |
 | **22.3** | | | |
@@ -102,7 +101,6 @@ To understand whether a feature is supported in your sensor version, check the r
 
 ## Versions 22.2.x
 
-
 To update to 22.2.x versions:
 
 - **From version 22.1.x**, update directly to the latest **22.2.x** version
@@ -155,8 +153,8 @@ This version includes the following new updates and fixes:
 
 - [Device inventory enhancements in the sensor console](how-to-investigate-sensor-detections-in-a-device-inventory.md):
 
-    - Merge duplicate devices, delete single devices, and delete inactive devices by admin users
-    - **Last seen** value in the device details pane is replaced by **Last activity**
+  - Merge duplicate devices, delete single devices, and delete inactive devices by admin users
+  - **Last seen** value in the device details pane is replaced by **Last activity**
 
 - [New parameters for the *devicecves* API](api/management-integration-apis.md): `sensorId`, `score`, and `deviceIds`
 
@@ -241,7 +239,6 @@ This version includes the following new updates and fixes:
 
 This version includes the following new updates and fixes:
 
-
 - [New sensor installation wizard](how-to-install-software.md)
 
 - [Sensor redesign and unified Microsoft product experience](how-to-manage-individual-sensors.md)
@@ -252,19 +249,19 @@ This version includes the following new updates and fixes:
 
 - [Alert updates](how-to-view-alerts.md):
 
-    - Contextual data for each alert
-    - Refreshed alert statuses
-    - Alert storage updates
-    - A new **Backup Activity with Antivirus Signatures** alert
-    - Alert management changes during software updates
+  - Contextual data for each alert
+  - Refreshed alert statuses
+  - Alert storage updates
+  - A new **Backup Activity with Antivirus Signatures** alert
+  - Alert management changes during software updates
 
 - [Enhancements for creating custom alerts on the sensor](how-to-accelerate-alert-incident-response.md#create-custom-alert-rules-on-an-ot-sensor): Hit count data, advanced scheduling options, and more supported fields and protocols
 
-- [Modified CLI commands](references-work-with-defender-for-iot-cli-commands.md): Including the following new commands:
+- [Modified CLI commands](cli-ot-sensor.md): Including the following new commands:
 
-    - `sudo dpkg-reconfigure iot-sensor`
-    - `sudo dpkg-reconfigure iot-sensor`
-    - `sudo dpkg-reconfigure iot-sensor`
+  - `sudo dpkg-reconfigure iot-sensor`
+  - `sudo dpkg-reconfigure iot-sensor`
+  - `sudo dpkg-reconfigure iot-sensor`
 
 - [Refreshed update process and update log](update-ot-software.md)
 
@@ -331,7 +328,6 @@ This version includes the following new updates and fixes:
 - [Support for Webhook extended to send data to endpoints](how-to-forward-alert-information-to-partners.md#webhook-extended)
 - [Unicode support for certificate passphrases](how-to-deploy-certificates.md)
 
-
 ## Next steps
 
 For more information about the features listed in this article, see [What's new in Microsoft Defender for IoT?](whats-new.md) and [What's new archive for in Microsoft Defender for IoT for organizations](release-notes-archive.md).

articles/defender-for-iot/organizations/resources-manage-proprietary-protocols.md

@@ -13,10 +13,10 @@ You can use the Microsoft Defender for IoT Horizon SDK to develop your plugins t
 
 Horizon provides:
 
-  - Unlimited, full support for common, proprietary, custom protocols or protocols that deviate from any standard.
-  - A new level of flexibility and scope for DPI development.
-  - A tool that exponentially expands OT visibility and control, without the need to upgrade to new versions.
-  - The security of allowing proprietary development without divulging sensitive information.
+- Unlimited, full support for common, proprietary, custom protocols or protocols that deviate from any standard.
+- A new level of flexibility and scope for DPI development.
+- A tool that exponentially expands OT visibility and control, without the need to upgrade to new versions.
+- The security of allowing proprietary development without divulging sensitive information.
 
 Use the Horizon SDK to design dissector plugins that decode network traffic so it can be processed by automated Defender for IoT network analysis programs.
 
@@ -37,6 +37,8 @@ After you've developed and tested a dissector plugin for proprietary protocols,
 
 1. Sign in to your sensor machine via CLI as the *Administrator*, *Cyberx*, or *Support* user.
 
+    For more information, see [CLI command reference from OT network sensors](cli-ot-sensor.md).
+
 1. Go the `/var/cyberx/properties/horizon.properties` file and verify that the `ui.enabled` property is set to `true` (`horizon.properties:ui.enabled=true`)
 
 1. Sign in to the sensor console as the *Administrator*, *Cyberx*, or *Support*.
@@ -47,7 +49,6 @@ After you've developed and tested a dissector plugin for proprietary protocols,
 
     :::image type="content" source="media/release-notes/horizon.png" alt-text="Screenshot of the new Protocols D P I (Horizon Plugins) page." lightbox="media/release-notes/horizon.png":::
 
-
 1. Select **Upload signing certificate**, and then browse to and select the certificate you created for your plugin.
 
 1. Select **Upload protocol plugin**, and then browse to and select your plugin file.

articles/defender-for-iot/organizations/traffic-mirroring/configure-mirror-erspan.md

@@ -13,7 +13,6 @@ The sensor's monitoring interface is a promiscuous interface and does not have a
 
 Use ERSPAN encapsulation when there is a need to extend monitored traffic across Layer 3 domains. ERSPAN is a Cisco proprietary feature and is available only on specific routers and switches. For more information, see the [Cisco documentation](https://learningnetwork.cisco.com/s/article/span-rspan-erspan).
 
-
 > [!NOTE]
 > This article provides high-level guidance for configuring traffic mirroring with ERSPAN. Specific implementation details will vary depending on your equiptment vendor.
 >
@@ -79,6 +78,8 @@ no shut                            
 monitor erspan origin ip-address 172.1.2.1 global
 ```
 
+ For more information, see [CLI command reference from OT network sensors](cli-ot-sensor.md).
+
 ## Next steps
 
 For more information, see:

articles/defender-for-iot/organizations/update-ot-software.md

@@ -79,7 +79,6 @@ On-premises management software is backwards compatible, and can connect to sens
 
 For more information, see [Update an on-premises management console](#update-an-on-premises-management-console).
 
-
 # [From the Azure portal (Public preview)](#tab/portal)
 
 This procedure describes how to send a software version update to one or more OT sensors, and then run the updates remotely from the Azure portal. Bulk updates are supported for up to 10 sensors at a time.
@@ -107,9 +106,9 @@ This procedure describes how to send a software version update to one or more OT
 
     To jump to the release notes for the new version, select **Learn more** at the top of the pane.
 
-1. When you're ready, select **Send package**. The software transfer to your sensor machine is started, and you can see the progress in the **Sensor version** column. 
+1. When you're ready, select **Send package**. The software transfer to your sensor machine is started, and you can see the progress in the **Sensor version** column.
 
-    When the transfer is complete, the **Sensor version** column changes to :::image type="icon" source="media/update-ot-software/ready-to-update.png" border="false"::: **Ready to update**. 
+    When the transfer is complete, the **Sensor version** column changes to :::image type="icon" source="media/update-ot-software/ready-to-update.png" border="false"::: **Ready to update**.
 
     Hover over the **Sensor version** value to see the source and target version for your update.
 
@@ -129,7 +128,6 @@ When the **Sensor version** column for your sensors reads :::image type="icon" s
 
 If a sensor fails to update for any reason, the software reverts back to the previous version installed, and a sensor health alert is triggered. For more information, see [Understand sensor health (Public preview)](how-to-manage-sensors-on-the-cloud.md#understand-sensor-health-public-preview) and [Sensor health message reference](sensor-health-messages.md).
 
-
 # [From an OT sensor UI](#tab/sensor)
 
 This procedure describes how to manually download the new sensor software version and then run your update directly on the sensor console's UI.
@@ -204,6 +202,8 @@ The sensor update process won't succeed if you don't update the on-premises mana
 
 This procedure describes how to update OT sensor software via the CLI, directly on the OT sensor.
 
+For more information, see [CLI command reference from OT network sensors](cli-ot-sensor.md).
+
 **To update sensor software directly from the sensor via CLI**:
 
 1. Use SFTP or SCP to copy the update file to the sensor machine.
@@ -248,6 +248,7 @@ This procedure describes how to update OT sensor software via the CLI, directly
     ```bash
     tail -f /opt/sensor/logs/install.log
     ```
+
 ---
 
 > [!NOTE]
@@ -295,7 +296,6 @@ If you're upgrading from a legacy version to version 22.x or higher, make sure t
     - The sensor's **Overview** page shows an activation status of **Valid**.
     - In the Azure portal, on the **Sites and sensors** page, the sensor is listed as **OT cloud connected** and with the updated sensor version.
 
-
 ## Remove your previous sensor
 
 Your previous sensors continue to appear in the **Sites and sensors** page until you delete them. After you've applied your new activation file and updated sensor software, make sure to delete any remaining, previous sensors from Defender for IoT.