Commit 65e2ae3

Merge pull request #247446 from batamig/alert-dedup
D4IoT alert dedup
2 parents 0789352 + 4182a40 commit 65e2ae3

1 file changed

+10
-1
lines changed

articles/defender-for-iot/organizations/alerts.md

Lines changed: 10 additions & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
title: Microsoft Defender for IoT alerts
33
description: Learn about Microsoft Defender for IoT alerts across the Azure portal, OT network sensors, and on-premises management consoles.
4-
ms.date: 12/12/2022
4+
ms.date: 08/06/2023
55
ms.topic: how-to
66
ms.custom: enterprise-iot
77
---
@@ -32,11 +32,20 @@ While you can view alert details, investigate alert context, and triage and mana
3232
|**OT network sensor consoles** | Alerts generated by that OT sensor | - View the alert's source and destination in the **Device map** <br>- View related events on the **Event timeline** <br>- Forward alerts directly to partner vendors <br>- Create alert comments <br> - Create custom alert rules <br>- Unlearn alerts |
3333
|**An on-premises management console** | Alerts generated by connected OT sensors | - Forward alerts directly to partner vendors <br> - Create alert exclusion rules |
3434

35+
> [!TIP]
36+
> Any alerts generated from different sensors in the same zone within a 10-minute timeframe, with the same type, status, alert protocol, and associated devices, are listed as a single, unified alert.
37+
>
38+
> - The 10-minute timeframe is based on the alert's *first detection* time.
39+
> - The single, unified alert lists all of the sensors that detected the alert.
40+
> - Alerts are combined based on the *alert* protocol, and not the device protocol.
41+
>
42+
3543
For more information, see:
3644

3745
- [Alert data retention](references-data-retention.md#alert-data-retention)
3846
- [Accelerating OT alert workflows](#accelerating-ot-alert-workflows)
3947
- [Alert statuses and triaging options](alerts.md#alert-statuses-and-triaging-options)
48+
- [Plan OT sites and zones](best-practices/plan-corporate-monitoring.md#plan-ot-sites-and-zones)
4049

4150
Alert options also differ depending on your location and user role. For more information, see [Azure user roles and permissions](roles-azure.md) and [On-premises users and roles](roles-on-premises.md).
4251
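Review bot: The added tip (new lines 35-41) does not say which of the three locations in the table above shows the unified alert, and "within a 10-minute timeframe" combined with "based on the alert's *first detection* time" leaves open whether the window is fixed from the earliest alert or extends as each further sensor reports. Someone triaging needs both points to judge whether one listed alert stands for several detections, so state them explicitly and say what "associated devices" covers. Because the block describes product behavior rather than advice, `[!NOTE]` may fit better than `[!TIP]`. The empty `>` at new line 41, directly before the blank line at 42, can be dropped.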
