Merge pull request #104679 from mlottner/Live-publish_1

v-albemi · web-flow · commit c151f8d08a50 · 2020-02-18T10:20:04.000-08:00
Sentinel connector release
diff --git a/articles/asc-for-iot/TOC.yml b/articles/asc-for-iot/TOC.yml
@@ -77,6 +77,8 @@
     href: how-to-security-data-access.md
   - name: Investigate a device
     href: how-to-investigate-device.md
+  - name: Connect to Azure Sentinel
+    href: how-to-configure-with-sentinel.md
   - name: Customize your solution
     href: how-to-customize-solution.md
 - name: Resources
diff --git a/articles/asc-for-iot/how-to-agent-configuration.md b/articles/asc-for-iot/how-to-agent-configuration.md
@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 07/25/2019
+ms.date: 02/18/2020
 ms.author: mlottner
 
 ---
@@ -133,7 +133,6 @@ Default values are available in the proper schema in [GitHub](https\://aka.ms/io
 |Diagnostic event|eventPriorityDiagnostic| Off| False| Agent related diagnostic events. Use this event for verbose logging.| 
 |Configuration error |eventPriorityConfigurationError |Low |False |Agent failed to parse the configuration. Verify the configuration against the schema.| 
 |Dropped events statistics |eventPriorityDroppedEventsStatistics |Low |True|Agent related event statistics. |
-|Message statistics|eventPriorityMessageStatistics |Low |True |Agent related message statistics. |
 |Connected hardware|eventPriorityConnectedHardware |Low |True |Snapshot of all hardware connected to the device.|
 |Listening ports|eventPriorityListeningPorts |High |True |Snapshot of all open listening ports on the device.|
 |Process create |eventPriorityProcessCreate |Low |False |Audits process creation on the device.|
diff --git a/articles/asc-for-iot/how-to-configure-with-sentinel.md b/articles/asc-for-iot/how-to-configure-with-sentinel.md
@@ -0,0 +1,81 @@
+---
+title: Azure Security Center for IoT guide for configuration with Azure Sentinel (preview)| Microsoft Docs
+description: This how to guide explains how to configure Azure Sentinel to receive data from your Azure Security Center for IoT solution.
+services: asc-for-iot
+ms.service: asc-for-iot
+documentationcenter: na
+author: mlottner
+manager: rkarlin
+
+
+
+ms.subservice: asc-for-iot
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 02/18/2020
+ms.author: mlottner
+
+---
+
+> [!IMPORTANT]
+> The Azure Security Center for IoT data connector in Azure Sentinel is currently in public preview.
+> This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+# Connect your data from Azure Security Center for IoT to Azure Sentinel (preview) 
+
+In this guide, learn how to connect your Azure Security Center for IoT data to Azure Sentinel.  
+
+> [!div class="checklist"]
+> * Prerequisites 
+> * Connection settings
+> * Log Analytics alert view 
+
+Connect alerts from Azure Security Center for IoT and stream them directly into Azure Sentinel.
+
+## Prerequisites
+
+- You must have Workspace **read** and **write** permissions.
+- **Azure Security Center for IoT** must be **enabled** on your relevant IoT Hub(s).
+- You must have both **read** and **write** permissions on the **Azure IoT Hub** you wish to connect.
+- You must also have **read** and **write** permissions on the **Azure IoT Hub resource group**.
+
+> [!NOTE]
+> You must have the Azure Security Center Standard tier licensing running on your subscription to send general Azure resource alerts. With the free tier licensing required for Azure Security Center for IoT, only Azure Security Center for IoT related alerts will be forwarded to Azure Sentinel. 
+
+## Connect to Azure Security Center for IoT
+
+1. In Azure Sentinel, select **Data connectors** and then click the **Azure Security Center for IoT** tile.
+1. From the bottom right pane, click **Open connector page**. 
+1. Click **Connect**, next to each IoT Hub subscription whose alerts and device alerts you want to stream into Azure Sentinel. 
+    - If Azure Security Center for IoT is not enabled on that Hub, you’ll see an Enable warning message. Click the **Enable** link to start the service. 
+1. You can decide whether you want the alerts from Azure Security Center for IoT to automatically generate incidents in Azure Sentinel. Under **Create incidents**,  select **Enable** to enable the default analytic rule to create incidents automatically from alerts generated in the connected security service.This rule can be changed or edited under **Analytics** > **Active** rules.
+
+> [!NOTE]
+>It can take 10 seconds or more to refresh the hub list after making connection changes. 
+
+## Log Analytics alert display
+
+To use the relevant schema in Log Analytics to display  the Azure Security Center for IoT alerts:
+
+1. Open **Logs** > **SecurityInsights** > **SecurityAlert**, or search for **SecurityAlert**. 
+2. Filter to see only Azure Security Center for IoT generated alerts using the following kql filter:
+
+```kusto
+SecurityAlert | where ProductName == "Azure Security Center for IoT"
+``` 
+
+### Service notes
+
+After connecting an IoT Hub, the hub data is available in Azure Sentinel approximately 15 minutes later.
+
+
+## Next steps
+
+In this document, you learned how to connect Azure Security Center for IoT to Azure Sentinel. To learn more about threat detection and security data access, see the following articles:
+
+- Learn how to use Azure Sentinel to [get visibility into your data, and potential threats](https://docs.microsoft.com/azure/sentinel/quickstart-get-visibility).
+
+- Learn how to [Access your IoT security data](how-to-security-data-access.md)
diff --git a/articles/asc-for-iot/how-to-customize-solution.md b/articles/asc-for-iot/how-to-customize-solution.md
@@ -29,7 +29,7 @@ In this guide, learn how to customize different settings in Azure Security Cente
 
 ## Change settings
 
-"Manage your Azure Security Center for IoT setting:
+Manage your Azure Security Center for IoT setting:
 
 On your IoT Hub, go to the security overview blade 
  on the top left corner, see "settings" 
diff --git a/articles/asc-for-iot/overview.md b/articles/asc-for-iot/overview.md
@@ -1,14 +1,15 @@
 ---
 title: What is Azure Security Center for IoT | Microsoft Docs
 description: Learn more about Azure Security Center for IoT features and services, and understand how Azure Security Center for IoT provides comprehensive IoT security.
+
 services: asc-for-iot
 ms.service: asc-for-iot
 documentationcenter: na
 author: mlottner
 manager: rkarlin
 editor: ''
 
-ms.assetid: 2cf6a49b-5d35-491f-abc3-63ec24eb4bc2
+
 ms.subservice: asc-for-iot
 ms.devlang: na
 ms.topic: conceptual
@@ -24,7 +25,7 @@ ms.author: mlottner
 
 Unify security management and enable end-to-end threat detection and analysis across hybrid cloud workloads and your Azure IoT solution. 
 
-## Secure your entire IoT solution from IoT devices to Azure cloud.
+## Secure your entire IoT solution from IoT devices to Azure cloud
 
 Choose from our seamless agentless solution or take advantage of agent-based comprehensive security, Azure Security Center for IoT provides threat prevention and analysis for every device, IoT Edge and IoT Hub, across your IoT assets.
 
