You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-iot/organizations/how-to-configure-with-sentinel.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,14 +2,14 @@
2
2
title: Configure Azure Sentinel with Defender for IoT for organizations
3
3
description: Explains how to configure Azure Sentinel to receive data from your Defender for IoT solution.
4
4
ms.topic: how-to
5
-
ms.date: 06/14/2021
5
+
ms.date: 11/04/2021
6
6
---
7
7
8
8
# Connect your data from Defender for IoT for organizations to Azure Sentinel (Public preview)
9
9
10
10
Use the Defender for IoT connector to stream all your Defender for IoT events into Azure Sentinel.
11
11
12
-
This integration enables organizations to quickly detect multistage attacks that often cross IT and OT boundaries. Additionally, Defender for IoT’s integration with Azure Sentinel's security orchestration, automation, and response (SOAR) capabilities enables automated response and prevention using built-in OT-optimized playbooks.
12
+
This integration enables organizations to quickly detect multistage attacks that often cross IT and OT boundaries. Additionally, Defender for IoT’s integration with Azure Sentinel's security orchestration, automation, and response (SOAR) capabilities enables automated response and prevention using built-in OT-optimized playbooks.
13
13
14
14
## Prerequisites
15
15
@@ -24,12 +24,14 @@ This integration enables organizations to quickly detect multistage attacks that
24
24
1. From the bottom of the right pane, click **Open connector page**.
25
25
26
26
1. Click **Connect**, next to each IoT Hub subscription whose alerts and device alerts you want to stream into Azure Sentinel.
27
-
- You will receive an error message if Defender for IoT is not enabled on at least one IoT Hub within a subscription. Enable Defender for IoT within the IoT Hub to remove the error.
28
27
29
-
1. You can decide whether you want the alerts from Defender for IoT to automatically generate incidents in Azure Sentinel. Under **Create incidents**, select **Enable** to enable the default analytics rule to automatically create incidents from the generated alerts. This rule can be changed or edited under **Analytics** > **Active rules**.
28
+
> [!NOTE]
29
+
> You will receive an error message if Defender for IoT is not enabled on at least one IoT Hub within that subscription. Enable Defender for IoT within the IoT Hub to remove the error.
30
+
31
+
1. You can decide whether you want the alerts from Defender for IoT to automatically generate incidents in Azure Sentinel. Under **Create incidents**, select **Enable** to enable the default analytics rule to automatically create incidents from the generated alerts. This rule can be changed or edited under **Analytics** > **Active rules**.
30
32
31
33
> [!NOTE]
32
-
> It can take 10 seconds or more for the **Subscription** list to refresh after making connection changes.
34
+
> It can take 10 seconds or more for the **Subscription** list to refresh after making connection changes.
33
35
34
36
## Log Analytics alert view
35
37
@@ -51,4 +53,4 @@ After connecting a **Subscription**, the hub data is available in Azure Sentinel
51
53
52
54
In this document, you learned how to connect Defender for IoT to Azure Sentinel. To learn more about threat detection and security data access, see the following articles:
53
55
54
-
- Learn how to use Azure Sentinel to [Quickstart: Get started with Azure Sentinel](../../sentinel/get-visibility.md).
56
+
- Learn how to use Azure Sentinel to [Quickstart: Get started with Azure Sentinel](../../sentinel/get-visibility.md)
0 commit comments