You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-iot/organizations/how-to-analyze-programming-details-changes.md
+6-20Lines changed: 6 additions & 20 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Analyze programming details and changes on an OT sensor - Microsoft Defender for IoT
3
3
description: Discover suspicious programming activity by investigating programming events occurring on your network devices.
4
-
ms.date: 02/27/2023
4
+
ms.date: 02/28/2023
5
5
ms.topic: how-to
6
6
---
7
7
@@ -30,7 +30,7 @@ To perform the procedures in this article, make sure that you have:
30
30
31
31
## Access programming data
32
32
33
-
The **Programming Timeline** tab can be accessed from unauthorized programming alerts, the **Device map**, the **Device inventory**, and the **Event timeline** in the sensor console.
33
+
The **Programming Timeline** tab can be accessed from the **Device map**, **Device inventory**, and **Event timeline** pages in the sensor console.
34
34
35
35
### Access programming data from the device map
36
36
@@ -58,20 +58,6 @@ The **Programming Timeline** tab can be accessed from unauthorized programming a
58
58
59
59
:::image type="content" source="media/analyze-programming/programming-timeline-window-device-inventory.png" alt-text="Screenshot of programming timeline tab on device details page." lightbox="media/analyze-programming/programming-timeline-window-device-inventory.png":::
60
60
61
-
### Access programming data from an alert
62
-
63
-
Unauthorized programming alerts are triggered when unauthorized programming devices carry out programming activities.
64
-
65
-
**To access the programming timeline from an alert**:
66
-
67
-
1. Sign into the sensor console and go to **Alerts**.
68
-
69
-
1. Filter the alerts to find the alert you want to analyze.
70
-
71
-
1. Select the alert to open the alert details pane on the right.
72
-
73
-
1. Select **Programming** to open the **Programming timeline**.
74
-
75
61
### Access programming data from the event timeline
76
62
77
63
Use the event timeline to display a timeline of events in which programming changes were detected.
@@ -86,21 +72,21 @@ Use the event timeline to display a timeline of events in which programming chan
86
72
87
73
The **Programming Timeline** tab shows details about each device that was programmed. Select an event and a file to view full programming details on the right. In the **Programming Timeline** tab:
88
74
89
-
- The **Recent Events** area lists the 50 most recent events detected by the OT sensor. Hover over an event and select the star to mark the event as an **Important** event.
75
+
- The **Recent Events** area lists the 50 most recent events detected by the OT sensor. Hover over an event period select the star to mark the event as an **Important** event.
90
76
91
77
- The **Files** area lists programming files detected for the selected device. The OT sensor can display a maximum of 300 files per device, where each file has a maximum size of 15 MB. The **Files** area lists each file's name and size, and one of the following statuses to indicate the programming event that occurred:
92
78
93
79
-**Added**: The programming file was added to the endpoint
94
-
-**Updated**: The programming file was updated on endpoint
80
+
-**Updated**: The programming file was updated on the endpoint
95
81
-**Deleted**: The programming file was removed from the endpoint
96
82
-**Unknown**: No changes were detected for the programming file
97
83
98
-
- When a programming file is opened on the right, the device that was programmed is listed as the *programmed asset*. Multiple devices may have made programming changes on the device. Details about any devices that made changes are listed as *programming assets*, including the hostname, when the change was made, and the user that was signed in to the device at the time.
84
+
- When a programming file is opened on the right, the device that was programmed is listed as the *programmed asset*. Multiple devices may have made programming changes on the device. Devices that made changes are listed as the *programming assets*, and details include the hostname, when the change was made, and the user that was signed in to the device at the time.
99
85
100
86
> [!TIP]
101
87
> Select the :::image type="icon" source="media/analyze-programming/download-icon.png" border="false"::: download button to download a copy of the currently displayed programming file.
102
88
103
-
For example:
89
+
For example:
104
90
105
91
:::image type="content" source="media/analyze-programming/programming-timeline-2.png" alt-text="Screenshot of viewing programming details in programming timeline." lightbox="media/analyze-programming/programming-timeline-2.png":::
0 commit comments