articles/defender-for-iot/organizations/whats-new.md
81 lines changed: 0 additions & 81 deletions
@@ -744,87 +744,6 @@ The following Defender for IoT options and configurations have been moved, remov
744
744
745
745
- Changing a locally managed sensor name is now supported only by onboarding the sensor to the Azure portal again with the new name. Sensor names can no longer be changed directly from the sensor. For more information, see [Change the name of a sensor](how-to-manage-individual-sensors.md#change-the-name-of-a-sensor).
746
746
747
-
748
-
## December 2021
749
-
750
-
**Sensor software version**: 10.5.4
751
-
752
-
-[Enhanced integration with Microsoft Sentinel (Preview)](#enhanced-integration-with-microsoft-sentinel-preview)
### Enhanced integration with Microsoft Sentinel (Preview)
757
-
758
-
The new **IoT OT Threat Monitoring with Defender for IoT solution** is available and provides enhanced capabilities for Microsoft Defender for IoT integration with Microsoft Sentinel. The **IoT OT Threat Monitoring with Defender for IoT solution** is a set of bundled content, including analytics rules, workbooks, and playbooks, configured specifically for Defender for IoT data. This solution currently supports only Operational Networks (OT/ICS).
759
-
760
-
For information on integrating with Microsoft Sentinel, see [Tutorial: Integrate Defender for Iot and Sentinel](../../sentinel/iot-solution.md?tabs=use-out-of-the-box-analytics-rules-recommended)
761
-
762
-
### Apache Log4j vulnerability
763
-
764
-
Version 10.5.4 of Microsoft Defender for IoT mitigates the Apache Log4j vulnerability. For details, see [the security advisory update](https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot/updated-15-dec-defender-for-iot-security-advisory-apache-log4j/m-p/3036844).
765
-
766
-
### Alerting
767
-
768
-
Version 10.5.4 of Microsoft Defender for IoT delivers important alert enhancements:
769
-
770
-
- Alerts for certain minor events or edge-cases are now disabled.
771
-
- For certain scenarios, similar alerts are minimized in a single alert message.
772
-
773
-
These changes reduce alert volume and enable more efficient targeting and analysis of security and operational events.
774
-
775
-
For more information, see [OT monitoring alert types and descriptions](alert-engine-messages.md).
776
-
777
-
#### Alerts permanently disabled
778
-
779
-
The alerts listed below are permanently disabled with version 10.5.4. Detection and monitoring are still supported for traffic associated with the alerts.
780
-
781
-
**Policy engine alerts**
782
-
783
-
- RPC Procedure Invocations
784
-
- Unauthorized HTTP Server
785
-
- Abnormal usage of MAC Addresses
786
-
787
-
#### Alerts disabled by default
788
-
789
-
The alerts listed below are disabled by default with version 10.5.4. You can re-enable the alerts from the Support page of the sensor console, if necessary.
790
-
791
-
**Anomaly engine alert**
792
-
- Abnormal Number of Parameters in HTTP Header
793
-
- Abnormal HTTP Header Length
794
-
- Illegal HTTP Header Content
795
-
796
-
**Operational engine alerts**
797
-
- HTTP Client Error
798
-
- RPC Operation Failed
799
-
800
-
**Policy engine alerts**
801
-
802
-
Disabling these alerts also disables monitoring of related traffic. Specifically, this traffic won't be reported in Data Mining reports.
803
-
804
-
- Illegal HTTP Communication alert and HTTP Connections Data Mining traffic
805
-
- Unauthorized HTTP User Agent alert and HTTP User Agents Data Mining traffic
806
-
- Unauthorized HTTP SOAP Action and HTTP SOAP Actions Data Mining traffic
807
-
808
-
#### Updated alert functionality
809
-
810
-
**Unauthorized Database Operation alert**
811
-
Previously, this alert covered DDL and DML alerting and Data Mining reporting. Now:
812
-
- DDL traffic: alerting and monitoring are supported.
813
-
- DML traffic: Monitoring is supported. Alerting isn't supported.
814
-
815
-
**New Asset Detected alert**
816
-
This alert is disabled for new devices detected in IT subnets. The New Asset Detected alert is still triggered for new devices discovered in OT subnets. OT subnets are detected automatically and can be updated by users if necessary.
817
-
818
-
### Minimized alerting
819
-
820
-
Alert triggering for specific scenarios has been minimized to help reduce alert volume and simplify alert investigation. In these scenarios, if a device performs repeated activity on targets, an alert is triggered once. Previously, a new alert was triggered each time the same activity was carried out.
821
-
822
-
This new functionality is available on the following alerts:
823
-
824
-
- Port Scan Detected alerts, based on activity of the source device (generated by the Anomaly engine)
825
-
- Malware alerts, based on activity of the source device. (generated by the Malware engine).
826
-
- Suspicion of Denial of Service Attack alerts, based on activity of the destination device (generated by the Malware engine)
827
-
828
747
## Next steps
829
748
830
749
[Getting started with Defender for IoT](getting-started.md)
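Review bot: this hunk deletes the whole December 2021 (sensor software 10.5.4) entry without leaving a pointer to where that content now lives, and the deleted text carries facts a reader of a what's-new page may still need: that version 10.5.4 is the release that mitigates the Apache Log4j vulnerability (with the link to the security advisory), the three policy-engine alerts permanently disabled in 10.5.4 (RPC Procedure Invocations, Unauthorized HTTP Server, Abnormal usage of MAC Addresses), and the alerts disabled by default that can be re-enabled from the sensor's Support page. If the section has been moved to an archive page, link that page from the retained text or at least name it in the PR; if it is simply being dropped, say so. Also check that nothing else in the docs set links to the in-page anchor `#enhanced-integration-with-microsoft-sentinel-preview`, which is referenced in the deleted line "[Enhanced integration with Microsoft Sentinel (Preview)](#enhanced-integration-with-microsoft-sentinel-preview)" and no longer exists after this change. The retained context (line 745 sensor-name bullet, blank line 746, then `## Next steps`) keeps the heading spacing intact, so no further cleanup is needed around the deletion boundary.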