Merge pull request #232579 from MicrosoftDocs/release-d4iot-deployment-plus

[RELEASE PUBLISH] Release d4iot deployment plus

Author: huypub

articles/defender-for-iot/organizations/TOC.yml

@@ -8,7 +8,7 @@ ms.custom: enterprise-iot
 
 # Microsoft Defender for IoT alerts
 
-Microsoft Defender for IoT alerts enhance your network security and operations with real-time details about events logged in your network. Alerts are messages that a Defender for IoT engine triggers when OT or Enterprise IoT network sensors detect changes or suspicious activity in network traffic that needs your attention.
+Microsoft Defender for IoT alerts enhance your network security and operations with real-time details about events logged in your network. Alerts are triggered when OT or Enterprise IoT network sensors detect changes or suspicious activity in network traffic that needs your attention.
 
 For example:
 
@@ -111,14 +111,22 @@ Use the following table to learn more about each alert status and triage option.
 |**Active**     |    - Azure portal only     |   Set an alert to *Active* to indicate that an investigation is underway, but that the alert can't yet be closed or otherwise triaged. <br><br>This status has no effect elsewhere in Defender for IoT.      |
 |**Closed**     | - Azure portal <br><br>- OT network sensors <br><br>- On-premises management console        | Close an alert to indicate that it's fully investigated, and you want to be alerted again the next time the same traffic is detected.<br><br>Closing an alert adds it to the sensor event timeline.<br><br>On the on-premises management console, *New* alerts are called *Acknowledged*.   |
 |**Learn**     | - Azure portal <br><br>- OT network sensors <br><br>- On-premises management console <br><br>*Unlearning* an alert is available only on the OT sensor.       |   Learn an alert when you want to close it and add it as allowed traffic, so that you aren't alerted again the next time the same traffic is detected. <br><br>For example, when the sensor detects firmware version changes following standard maintenance procedures, or when a new, expected device is added to the network. <br><br>Learning an alert closes the alert and adds an item to the sensor event timeline. Detected traffic is included in data mining reports, but not when calculating other OT sensor reports. <br><br>Learning alerts is available for selected alerts only, mostly those triggered by *Policy* and *Anomaly* engine alerts. |
-|**Mute**     |  - OT network sensors <br><br>- On-premises management console      <br><br>*Unmuting* an alert is available only on the OT sensor.  |  Mute an alert when you want to close it and not see again for the same traffic, but without adding the alert allowed traffic. <br><br>For example, when the Operational engine triggers an alert indicating that the PLC Mode was changed on a device. The new mode may indicate that the PLC isn't secure, but after investigation, it's determined that the new mode is acceptable. <br><br>Muting an alert closes it, but doesn't add an item to the sensor event timeline. Detected traffic is included in data mining reports, but not when when calculating data for other sensor reports. <br><br>Muting an alert is available for selected alerts only, mostly those triggered by the *Anomaly*, *Protocol Violation*, or *Operational* engines.  |
+|**Mute**     |  - OT network sensors <br><br>- On-premises management console      <br><br>*Unmuting* an alert is available only on the OT sensor.  |  Mute an alert when you want to close it and not see again for the same traffic, but without adding the alert allowed traffic. <br><br>For example, when the Operational engine triggers an alert indicating that the PLC Mode was changed on a device. The new mode may indicate that the PLC isn't secure, but after investigation, it's determined that the new mode is acceptable. <br><br>Muting an alert closes it, but doesn't add an item to the sensor event timeline. Detected traffic is included in data mining reports, but not when calculating data for other sensor reports. <br><br>Muting an alert is available for selected alerts only, mostly those triggered by the *Anomaly*, *Protocol Violation*, or *Operational* engines.  |
 
 > [!TIP]
 > If you know ahead of time which events are irrelevant for you, such as during a maintenance window, or if you don't want to track the event in the event timeline, create an alert exclusion rule on an on-premises management console instead.
 >
 > For more information, see [Create alert exclusion rules on an on-premises management console](how-to-accelerate-alert-incident-response.md#create-alert-exclusion-rules-on-an-on-premises-management-console).
 >
 
+### Triage OT alerts during learning mode
+
+*Learning mode* refers to the initial period after an OT sensor is deployed, when your OT sensor learns your network's baseline activity, including the devices and protocols in your network, and the regular file transfers that occur between specific devices.
+
+Use learning mode to perform an initial triage on the alerts in your network, *learning* those you want to mark as authorized, expected activity. Learned traffic doesn't generate new alerts the next time the same traffic is detected.
+
+For more information, see [Create a learned baseline of OT alerts](ot-deploy/create-learned-baseline.md).
+
 ## Next steps
 
 Review alert types and messages to help you understand and plan remediation actions and playbook integrations. For more information, see [OT monitoring alert types and descriptions](alert-engine-messages.md).

articles/defender-for-iot/organizations/alerts.md

@@ -298,7 +298,7 @@ This API returns data about a specific device per a given device ID.
 | **u_mac_address_objects** |JSON array of MAC addresses | Not nullable | Array of [MAC address](#mac_address_object-fields) objects  |
 | **u_protocol_objects** | JSON array of protocols | Not nullable  | An array of [protocol](#protocol_object-fields) objects  |
 | **u_vlans**  |JSON array of VLAN objects | Not nullable | An array of [VLAN](#vlan_object-fields) objects  |
-| **u_purdue_layer**  | String | Not nullable |Defines the default [Purdue layer](../plan-network-monitoring.md#purdue-reference-model-and-defender-for-iot) for this device type. |
+| **u_purdue_layer**  | String | Not nullable |Defines the default [Purdue layer](../best-practices/understand-network-architecture.md) for this device type. |
 | **u_sensor_ids** |JSON array of sensor ID objects |Not nullable | An array of [sensor ID](#sensor_id_object-fields) objects  |
 | **u_cm_device_url** |String |Not nullable  | The URL used to access the device on the on-premises management console. |
 | **u_device_urls** |JSON array of URL objects |Not nullable  | An array of [device URL](#device_url_object-fields) objects |
@@ -732,6 +732,7 @@ curl -k -H "Authorization: <Authorization token>" "https://<IP Address>/external
 ```rest
 curl -k -H "Authorization: 1234b734a9244d54ab8d40aedddcabcd" "https://127.0.0.1/external/v3/integration/devicecves/1664781014000"
 ```
+
 ---
 
 ## Next steps

articles/defender-for-iot/organizations/api/management-integration-apis.md

@@ -14,7 +14,7 @@ This article describes the Dell Edge 5200 appliance for OT sensors.
 |**Hardware profile** | E500|
 |**Performance** | Max bandwidth: 1 Gbps<br>Max devices: 10,000 |
 |**Physical specifications** | Mounting: Wall Mount<br>Ports: 3x RJ45 |
-|**Status** | Supported, Not available pre-configured|
+|**Status** | Supported, Not available preconfigured|
 
 The following image shows the hardware elements on the Dell Edge 5200 that are used by Defender for IoT:
 
@@ -30,7 +30,7 @@ The following image shows the hardware elements on the Dell Edge 5200 that are u
 |Processor|	Intel® Core™ i7-9700TE|
 |Chipset|Intel C246|
 |Memory	|32 GB = Two 16 GB DDR4 ECC UDIMM|
-|Storage| 1x 512GB SSD |
+|Storage| 1x 512 GB SSD |
 |Network controller|3x Intel GbE: 2x i210 + i219LM PHY|
 |Management|Intel AMT supported on i5 and i7 CPUs|
 |Device access|	6x USB 3.0|
@@ -40,7 +40,7 @@ The following image shows the hardware elements on the Dell Edge 5200 that are u
 
 |Quantity|PN|Description|
 |:----|:----|:----|
-|1|210-BCNV|Dell EMC Edge Gateway 5200,Core i7-9700TE.32G.512G, Win 10 IoT.TPM, OEM|
+|1|210-BCNV|Dell EMC Edge Gateway 5200, Core i7-9700TE.32G.512G, Win 10 IoT.TPM, OEM|
 |1|631-ADIJ|User Documentation EMEA 2|
 |1|683-1187|No Installation Service Selected (Contact Sales Rep for more details)|
 |1|709-BDGW|Parts Only Warranty 15 Months|
@@ -54,6 +54,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/dell-edge-5200.md

@@ -194,6 +194,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/dell-poweredge-r340-xl-legacy.md

@@ -224,6 +224,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/dell-poweredge-r350-e1800.md

@@ -148,6 +148,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/hpe-edgeline-el300.md

@@ -153,6 +153,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/hpe-proliant-dl20-legacy.md

@@ -51,10 +51,10 @@ The following image shows a sample of the HPE ProLiant DL20 back panel:
 |----|---|----|
 |1|	P44111-B21 | HPE DL20 Gen10+ 4SFF CTO Server|
 |1|	P45252-B21 | Intel Xeon E-2334 FIO CPU for HPE|
-|4|	P28610-B21 | HPE 1 TB SATA 7.2K SFF BC HDD|
+|4|	P28610-B21 | HPE 1-TB SATA 7.2K SFF BC HDD|
 |2|	P43019-B21 | HPE 16 GB 1Rx8 PC4-3200AA-E Standard Kit|
 |1|	869079-B21 | HPE Smart Array E208i-a SR G10 LH Ctrlr (RAID10)|
-|1|	P21106-B21 | INT I350 1GbE 4p BASE-T Adapter|
+|1|	P21106-B21 | INT I350 1 GbE 4p BASE-T Adapter|
 |1|	P45948-B21 | HPE DL20 Gen10+ RPS FIO Enable Kit|
 |2|	865408-B21 | HPE 500W FS Plat Hot Plug LH Power Supply Kit|
 |1|	775612-B21 | HPE 1U Short Friction Rail Kit|
@@ -74,10 +74,10 @@ Optional modules for port expansion include:
 |Location |Type|Specifications|
 |--------------|--------------|---------|
 | PCI Slot 1 (Low profile)  | DP F/O NIC |P26262-B21 - Broadcom BCM57414 Ethernet 10/25Gb 2-port SFP28 Adapter for HPE |
-| PCI Slot 1 (Low profile)  | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10 Gb 2-port SFP+ Adapter for HPE |
-| PCI Slot 2 (High profile) | Quad Port Ethernet NIC| P21106-B21 - Intel I350-T4 Ethernet 1 Gb 4-port BASE-T Adapter for HPE |
+| PCI Slot 1 (Low profile)  | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10-Gb 2-port SFP+ Adapter for HPE |
+| PCI Slot 2 (High profile) | Quad Port Ethernet NIC| P21106-B21 - Intel I350-T4 Ethernet 1-Gb 4-port BASE-T Adapter for HPE |
 | PCI Slot 2 (High profile) | DP F/O NIC |P26262-B21 - Broadcom BCM57414 Ethernet 10/25 Gb 2-port SFP28 Adapter for HPE |
-| PCI Slot 2 (High profile) | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10 Gb 2-port SFP+ Adapter for HPE |
+| PCI Slot 2 (High profile) | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10-Gb 2-port SFP+ Adapter for HPE |
 | SFPs for Fiber Optic NICs|MultiMode, Short Range|455883-B21 - HPE BLc 10G SFP+ SR Transceiver|
 | SFPs for Fiber Optic NICs|SingleMode, Long Range | 455886-B21 -  HPE BLc 10G SFP+ LR Transceiver|
 
@@ -170,6 +170,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)

articles/defender-for-iot/organizations/appliance-catalog/hpe-proliant-dl20-plus-enterprise.md

@@ -51,7 +51,7 @@ The following image shows a sample of the HPE ProLiant DL20 Gen10 back panel:
 |----|---|----|
 |1|	P44111-B21 | HPE DL20 Gen10+ NHP 2LFF CTO Server|
 |1|	P45252-B21 | Intel Xeon E-2334 FIO CPU for HPE|
-|2|	P28610-B21 | HPE 1 TB SATA 7.2K SFF BC HDD|
+|2|	P28610-B21 | HPE 1-TB SATA 7.2K SFF BC HDD|
 |1|	P43016-B21 | HPE 8 GB 1Rx8 PC4-3200AA-E Standard Kit|
 |1|	869079-B21 | HPE Smart Array E208i-a SR G10 LH Ctrlr (RAID10)|
 |1|	P21106-B21 | INT I350 1GbE 4p BASE-T Adapter|
@@ -73,9 +73,9 @@ Optional modules for port expansion include:
 
 |Location |Type|Specifications|
 |--------------|--------------|---------|
-| PCI Slot 1 (Low profile)  | DP F/O NIC |P26262-B21 - Broadcom BCM57414 Ethernet 10/25 Gb 2-port SFP28 Adapter for HPE |
-| PCI Slot 1 (Low profile)  | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10 Gb 2-port SFP+ Adapter for HPE |
-| PCI Slot 2 (High profile) | Quad Port Ethernet NIC| P21106-B21 - Intel I350-T4 Ethernet 1 Gb 4-port BASE-T Adapter for HPE |
+| PCI Slot 1 (Low profile)  | DP F/O NIC |P26262-B21 - Broadcom BCM57414 Ethernet 10/25-Gb 2-port SFP28 Adapter for HPE |
+| PCI Slot 1 (Low profile)  | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10-Gb 2-port SFP+ Adapter for HPE |
+| PCI Slot 2 (High profile) | Quad Port Ethernet NIC| P21106-B21 - Intel I350-T4 Ethernet 1-Gb 4-port BASE-T Adapter for HPE |
 | PCI Slot 2 (High profile) | DP F/O NIC |P26262-B21 - Broadcom BCM57414 Ethernet 10/25 Gb 2-port SFP28 Adapter for HPE |
 | PCI Slot 2 (High profile) | DP F/O NIC |P28787-B21 - Intel X710-DA2 Ethernet 10 Gb 2-port SFP+ Adapter for HPE |
 | SFPs for Fiber Optic NICs|MultiMode, Short Range|455883-B21 - HPE BLc 10G SFP+ SR Transceiver|
@@ -188,6 +188,5 @@ Continue understanding system requirements for physical or virtual appliances. F
 
 Then, use any of the following procedures to continue:
 
-- [Purchase sensors or download software for sensors](../onboard-sensors.md#purchase-sensors-or-download-software-for-sensors)
-- [Download software for an on-premises management console](../how-to-manage-the-on-premises-management-console.md#download-software-for-the-on-premises-management-console)
-- [Install software](../how-to-install-software.md)
+- [Download software for an OT sensor](../ot-deploy/install-software-ot-sensor.md#download-software-files-from-the-azure-portal)
+- [Download software files for an on-premises management console](../ot-deploy/install-software-on-premises-management-console.md#download-software-files-from-the-azure-portal)