MicrosoftDocs
diff --git a/‎articles/defender-for-iot/organizations/media/tutorial-clearpass/create-rule.png
53.5 KB b/‎articles/defender-for-iot/organizations/media/tutorial-clearpass/create-rule.png
53.5 KB
diff --git a/‎articles/defender-for-iot/organizations/media/tutorial-clearpass/last-sync.png
7.13 KB b/‎articles/defender-for-iot/organizations/media/tutorial-clearpass/last-sync.png
7.13 KB
diff --git a/‎articles/defender-for-iot/organizations/tutorial-clearpass.md
Lines changed: 17 additions & 24 deletions b/‎articles/defender-for-iot/organizations/tutorial-clearpass.md
Lines changed: 17 additions & 24 deletions
@@ -4,7 +4,7 @@ description: In this tutorial, you will learn how to integrate Microsoft Defende
 author: ElazarK
 ms.author: v-ekrieg
 ms.topic: tutorial
-ms.date: 11/09/2021
+ms.date: 02/07/2022
 ms.custom: template-tutorial
 ---
 
@@ -129,14 +129,10 @@ To enable viewing the device inventory in ClearPass, you need to set up Defender
 
 **To configure ClearPass sync on the Defender for IoT sensor**:
 
-1. In the Defender for IoT sensor, select **System Settings** from the left side panel.
-
-1. In the **System Settings** pane, select :::image type="content" source="media/tutorial-clearpass/clearpass-icon.png" alt-text="Screenshot of the ClearPass icon from the left side.":::.
+1. In the Defender for IoT sensor, select **System settings** > **Integrations** > **ClearPass**.
 
 1. Set the following parameters:
 
-    :::image type="content" source="media/tutorial-clearpass/settings.png" alt-text="Screenshot of the fill out the required information in the System Settings pane.":::
-
     - **Enable Sync:** Enable the sync between Defender for IoT and ClearPass
 
     - **Sync Frequency:** Define the sync frequency in minutes. The default is 60 minutes. The minimum is 5 minutes.
@@ -159,39 +155,36 @@ To enable viewing the alerts discovered by Defender for IoT in Aruba, you need t
 
 **To define a ClearPass forwarding rule on the Defender for IoT sensor**:
 
-1. In the Defender for IoT sensor, select **Forwarding** from the left panel.
-
-1. In the **Forwarding** pane, select **Create Forwarding Rule**.
-
-    :::image type="content" source="media/tutorial-clearpass/forwarding.png" alt-text="Screenshot of the Forwarding pane with all of its options.":::
+1. In the Defender for IoT sensor, select **Forwarding** and then select **Create new rule**.
 
-1. Add the name, and the severity of the rule, and then from the **Action** drop-down list, select **Send to** > **ClearPass**.
+1. Define a rule name.
 
-    :::image type="content" source="media/tutorial-clearpass/rule.png" alt-text="Screenshot of the create a Forwarding Rule.":::
+1. Define the rule conditions.
 
-1. In the **Actions** pane, set the following parameters:
+1. In the Actions section, select **ClearPass**.
 
-    :::image type="content" source="media/tutorial-clearpass/actions.png" alt-text="Select your actions from the Actions pane.":::
+    :::image type="content" source="media/tutorial-clearpass/create-rule.png" alt-text="Screenshot of, create a Forwarding Rule window.":::
 
-    | Parameter | Description |
-    |--|--|
-    | **Host** | Type the ClearPass server IP address. |
-    | **Port** | Type the port of the ClearPass on which the forwarding is done. |
-    | **Configure** | Set-up the following options to allow viewing of Defender for IoT alerts in the ClearPass system: <br />- **Report illegal function codes:** Protocol violations - Illegal field value violating ICS protocol specification (potential exploit).<br />- **Report unauthorized PLC programming and firmware updates:** Unauthorized PLC changes.<br />- **Report unauthorized PLC stop:** PLC stop (downtime).<br />- **Report malware related alerts:** Industrial malware attempts, such as TRITON, NotPetya.<br />- **Report unauthorized scanning:** Unauthorized scanning (potential reconnaissance). |
+1. In the **Host** field, define the ClearPass server IP and port to send alert information.
+1. Define which alert information you want to forward.
+    - **Report illegal function codes:** Protocol violations - Illegal field value violating ICS protocol specification (potential exploit).
+    -  **Report unauthorized PLC programming and firmware updates:** Unauthorized PLC changes.
+    -  **Report unauthorized PLC stop:** PLC stop (downtime). 
+    - **Report malware related alerts:** Industrial malware attempts, such as TRITON, NotPetya. 
+    - **Report unauthorized scanning:** Unauthorized scanning (potential reconnaissance)
+1. Select **Save**.
 
-1. Select **Submit**.
 
 ## Monitor ClearPass and Defender for IoT communication
 
 Once the sync has started, endpoint data is populated directly into the Policy Manager EndpointDb, you can view the last update time from the integration configuration screen.
 
-**To review the Last Sync time to ClearPass**:
+**To review the last sync time to ClearPass**:
 
 1. Sign in to the Defender for IoT sensor.
 
-1. Select **System Settings** from the left side panel.
+1. Select **System settings** > **Integrations** > **ClearPass**.
 
-1. Select **ClearPass**.
 
     :::image type="content" source="media/tutorial-clearpass/last-sync.png" alt-text="Screenshot of the view the time and date of your last sync.":::