You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-iot/organizations/how-to-control-what-traffic-is-monitored.md
+20-1Lines changed: 20 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,11 +59,30 @@ While the OT network sensor automatically learns the subnets in your network, we
59
59
|**Clear all**| Clear all currently defined subnets. |
60
60
|**Auto subnet learning**| Selected by default. Clear this option to define your subnets manually instead of having them automatically detected by your OT sensor as new devices are detected. |
61
61
|**Resolve all Internet traffic as internal/private**| Select to consider all public IP addresses as private, local addresses. If selected, public IP addresses are treated as local addresses, and alerts aren't sent about unauthorized internet activity. <br><br>This option reduces notifications and alerts received about external addresses. |
62
-
|**ICS subnet**| Read-only. ICS/OT subnets are marked automatically when the system recognizes OT activity or protocols. |
62
+
|**ICS subnet**| Read-only. ICS/OT subnets are marked automatically when the system recognizes OT activity or protocols. If there is an OT subnet not being recognized, you can [manually define a subnet as ICS](#manually-define-a-subnet-as-ics). |
63
63
|**Segregated**| Select to show this subnet separately when displaying the device map according to Purdue level. |
64
64
65
65
1. When you're done, select **Save** to save your updates.
66
66
67
+
### Manually define a subnet as ICS
68
+
69
+
If you have an OT subnet that is not being marked automatically as an ICS subnet by the sensor, edit the device type for any of the devices in the relevant subnet to an ICS or IoT device type. The subnet will then be automatically marked by the sensor as an ICS subnet.
70
+
71
+
> [!NOTE]
72
+
> To manually change the subnet to be marked as ICS, the device type must be changed in device inventory in the OT sensor, and not from the Azure portal.
73
+
74
+
**To change the device type to manually update the subnet**:
75
+
76
+
1. Sign in to your OT sensor console and go to **Device inventory**.
77
+
78
+
1. In the device inventory grid, select a device from the relevant subnet, and then select **Edit** in the toolbar at the top of the page.
79
+
80
+
1. In the **Type** field, select a device type from the dropdown list that is listed under **ICS** or **IoT**.
81
+
82
+
The subnet will now be marked as an ICS subnet in the sensor.
83
+
84
+
For more information, see [Edit device details](how-to-investigate-sensor-detections-in-a-device-inventory.md#edit-device-details).
85
+
67
86
## Customize port and VLAN names
68
87
69
88
Use the following procedures to enrich the device data shown in Defender for IoT by customizing port and VLAN names on your OT network sensors.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments