Merge pull request #260149 from batamig/remove-horizon

D4IoT removing horizon

Author: Stacyrch140

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [          
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/resources-manage-proprietary-protocols.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/how-to-manage-individual-sensors#manage-custom-plugins-legacy",
+            "redirect_document_id": false
+        },      
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-set-up-high-availability.md",
             "redirect_url": "/azure/defender-for-iot/organizations/legacy-central-management/how-to-set-up-high-availability",

articles/defender-for-iot/organizations/TOC.yml

@@ -288,9 +288,6 @@
           displayName: activation, time zone, SMTP, PCAP, SSH, ERSPAN
         - name: Configure SNMP monitoring
           href: how-to-set-up-snmp-mib-monitoring.md
-        - name: Add support for proprietary protocols
-          href: resources-manage-proprietary-protocols.md
-          displayName: Horizon
         - name: Maintain threat intelligence packages
           href: how-to-work-with-threat-intelligence-packages.md
         - name: Troubleshoot OT sensors

articles/defender-for-iot/organizations/api/sensor-inventory-apis.md

@@ -639,7 +639,7 @@ This section lists the supported fields for the [protocols](#protocol) object in
 | Name | Type | Nullable / Not nullable | List of values |
 |--|--|--|--|
 | **id** | Numeric. Defines the protocol's internal ID. |  Not nullable | - |
-|<a name="protocol-name"></a>**name** |String. Defines the device name. |Not nullable | For more information, see below. <br><br>**Note**: To extend Defender for IoT support to proprietary protocols, create a Horizon plugin. For more information, see [Extend support to proprietary protocols](../overview.md#extend-support-to-proprietary-ot-protocols).|
+|<a name="protocol-name"></a>**name** |String. Defines the device name. |Not nullable | For more information, see below. |
 |**ipAddresses** | JSON array of strings of protocol IP addresses. |Not nullable | - |
 
 The following values are supported as [protocol names](#protocol-name) out-of-the-box:

articles/defender-for-iot/organizations/concept-supported-protocols.md

@@ -1,14 +1,14 @@
 ---
 title: Protocols supported by Microsoft Defender for IoT
 description: Learn about protocols that Microsoft Defender for IoT supports.
-ms.date: 08/31/2023
+ms.date: 12/04/2023
 ms.topic: concept-article
 ms.custom: enterprise-iot
 ---
 
 # Microsoft Defender for IoT - supported IoT, OT, ICS, and SCADA protocols
 
-This article lists the protocols that are supported by default in Microsoft Defender for IoT. If your organization uses proprietary protocols or other protocols not listed here, use the Defender for IoT Horizon SDK to extend support as needed.
+This article lists the protocols that are supported by default in Microsoft Defender for IoT.
 
 ## Supported protocols for OT device discovery
 
@@ -32,7 +32,6 @@ OT network sensors can detect the following protocols when identifying assets an
 |**ISO**     |  CLNP (ISO 8473)<br> COTP (ISO 8073)<br> ISO Industrial Protocol<br>  MQTT (IEC 20922)       |
 | **Jenesys** |FOX <br>Niagara |
 |**Medical**     |ASTM<br> HL7  <br> DICOM  <br>  POCT1     |
-|**Microsoft**     | Horizon community dissectors<br> Horizon proprietary dissectors (developed by customers)        |
 |**Mitsubishi**     |   Melsoft / Melsec (Mitsubishi Electric)      |
 |**Omron**     |  FINS <br>HTTP      |
 |**OPC**     |  AE <br>Common <br> DA <br>HDA <br> UA       |
@@ -65,23 +64,6 @@ Enterprise IoT network sensors can detect the following protocols when identifyi
 |**Medical**     |DICOM <br>HL7 <br>POCT1        |
 | **SWARM** | swarm |
 
-## Don't see your protocol here? 
-
-### Build support for proprietary OT protocols with the Horizon SDK
-
-Asset vendors, partners, or platform owners can use Defender for IoT's Horizon Protocol SDK to secure any OT protocol used in IoT and ICS environments that's not isn't already supported by default.
-
-Horizon helps you to write plugins for OT sensors that enable Deep Packet Inspection (DPI) on the traffic and detect threats in real-time. Customize your plugins localize and customize text for alerts, events, and protocol parameters.
-
-Horizon provides:
-
-- Support for common, proprietary, or custom protocols that deviate from standards
-- Extra flexibility and scope for DPI development
-- Extra visibility and control over your OT assets without needing to update your Defender for IoT version
-- The security of allowing proprietary development without divulging sensitive information
-
-:::image type="content" source="media/concept-supported-protocols/sdk-horizon.png" alt-text="Infographic that describes features provided by the Horizon SDK." border="false":::
-
 ## Next steps
 
 For more information:

articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md

@@ -1,7 +1,7 @@
 ---
 title: Maintain Defender for IoT OT network sensors from the GUI - Microsoft Defender for IoT
 description: Learn how to perform maintenance activities on individual OT network sensors using the OT sensor console.
-ms.date: 07/04/2023
+ms.date: 12/12/2023
 ms.topic: how-to
 ---
 
@@ -427,6 +427,33 @@ After clearing data on a cloud-connected sensor:
 
 A confirmation message appears that the action was successful. All learned data, allowlists, policies, and configuration settings are cleared from the sensor.
 
+## Manage sensor plugins and monitor plugin performance
+
+View data for each protocol monitored by your sensor using the **Protocols DPI (Horizon Plugins)** page in the sensor console.
+
+1. Sign into your OT sensor console and select **System settings > Network monitoring > Protocols DPI (Horizon Plugins)**.
+
+1. Do one of the following:
+
+    - To limit the protocols monitored by your sensor, select the **Enable/Disable** toggle for each plugin as needed.
+
+    - To monitor plugin performance, view the data shown on the **Protocols DPI (Horizon Plugins)** page for each plugin. To help locate a specific plugin, use the **Search** box to enter part or all of a plugin name.
+
+The **Protocols DPI (Horizon Plugins)** lists the following data per plugin:
+
+|Column name  |Description |
+|---------|---------|
+|**Plugin**     | Defines the plugin name.        |
+|**Type**     |   The plugin type, including APPLICATION or INFRASTRUCTURE.      |
+|**Time**     |  The time that data was last analyzed using the plugin. The time stamp is updated every five seconds.       |
+|**PPS**     |   The number of packets analyzed per second by the plugin.  |
+|**Bandwidth**     |    The average bandwidth detected by the plugin within the last five seconds.     |
+|**Malforms**     |  The number of malform errors detected in the last five seconds. Malformed validations are used after the protocol has been positively validated. If there's a failure to process the packets based on the protocol, a failure response is returned.       |
+|**Warnings**     | The number of warnings detected, such as when packets match the structure and specifications, but unexpected behavior is detected, based on the plugin warning configuration.        |
+| **Errors** | The number of errors detected in the last five seconds for packets that failed basic protocol validations for the packets that match protocol definitions. |
+
+Log data is available for export in the **Dissection statistics** and **Dissection Logs**, log files. For more information, see [Export troubleshooting logs](how-to-troubleshoot-sensor.md).
+
 ## Next steps
 
 For more information, see:

articles/defender-for-iot/organizations/overview.md

@@ -65,16 +65,6 @@ Install OT network sensors on-premises, at strategic locations in your network t
 
 For more information, see [System architecture for OT system monitoring](architecture.md).
 
-## Extend support to proprietary OT protocols
-
-IoT and industrial control system (ICS) devices can be secured using both embedded protocols and proprietary, custom, or nonstandard protocols. If you have devices that run on protocols that aren't supported by Defender for IoT out-of-the-box, use the Horizon Open Development Environment (ODE) SDK to develop dissector plug-ins to decode network traffic for your protocols.
-
-Create custom alerts for your plugin to pinpoint specific network activity and effectively update your security, IT, and operational teams. For example, have alerts triggered when:
-
-- The sensor detects a write command to a memory register on a specific IP address and Ethernet destination.
-- Any access is performed to a specific IP address.
-
-For more information, see [Manage proprietary protocols with Horizon plugins](resources-manage-proprietary-protocols.md).
 
 ## Protect enterprise IoT networks
 

articles/defender-for-iot/organizations/resources-manage-proprietary-protocols.md

@@ -785,7 +785,7 @@ For more information, see [Understand sensor health](how-to-manage-sensors-on-th
 |Service area  |Updates  |
 |---------|---------|
 |**Enterprise IoT networks**     | - [Enterprise IoT and Defender for Endpoint integration in GA](#enterprise-iot-and-defender-for-endpoint-integration-in-ga)        |
-|**OT networks**     |**Sensor software version 22.2.4**: <br>- [Device inventory enhancements](#device-inventory-enhancements)<br>- [Enhancements for the ServiceNow integration API](#enhancements-for-the-servicenow-integration-api)<br><br>**Sensor software version 22.2.3**:<br>- [OT appliance hardware profile updates](#ot-appliance-hardware-profile-updates)<br>- [PCAP access from the Azure portal](#pcap-access-from-the-azure-portal-public-preview)<br>- [Bi-directional alert synch between sensors and the Azure portal](#bi-directional-alert-synch-between-sensors-and-the-azure-portal-public-preview)<br>- [Sensor connections restored after certificate rotation](#sensor-connections-restored-after-certificate-rotation)<br>- [Support diagnostic log enhancements](#support-diagnostic-log-enhancements-public-preview)<br>- [Improved security for uploading protocol plugins](#improved-security-for-uploading-protocol-plugins)<br>- [Sensor names shown in browser tabs](#sensor-names-shown-in-browser-tabs)<br><br>**Sensor software version 22.1.7**: <br>- [Same passwords for *cyberx_host* and *cyberx* users](#same-passwords-for-cyberx_host-and-cyberx-users)  |
+|**OT networks**     |**Sensor software version 22.2.4**: <br>- [Device inventory enhancements](#device-inventory-enhancements)<br>- [Enhancements for the ServiceNow integration API](#enhancements-for-the-servicenow-integration-api)<br><br>**Sensor software version 22.2.3**:<br>- [OT appliance hardware profile updates](#ot-appliance-hardware-profile-updates)<br>- [PCAP access from the Azure portal](#pcap-access-from-the-azure-portal-public-preview)<br>- [Bi-directional alert synch between sensors and the Azure portal](#bi-directional-alert-synch-between-sensors-and-the-azure-portal-public-preview)<br>- [Sensor connections restored after certificate rotation](#sensor-connections-restored-after-certificate-rotation)<br>- [Support diagnostic log enhancements](#support-diagnostic-log-enhancements-public-preview)<br>- [Sensor names shown in browser tabs](#sensor-names-shown-in-browser-tabs)<br><br>**Sensor software version 22.1.7**: <br>- [Same passwords for *cyberx_host* and *cyberx* users](#same-passwords-for-cyberx_host-and-cyberx-users)  |
 |**Cloud-only features**     |  - [Microsoft Sentinel incident synch with Defender for IoT alerts](#microsoft-sentinel-incident-synch-with-defender-for-iot-alerts) |
 
 ### Enterprise IoT and Defender for Endpoint integration in GA
@@ -901,14 +901,6 @@ For more information, see:
 - [Download a diagnostics log for support](how-to-troubleshoot-sensor.md#download-a-diagnostics-log-for-support)
 - [Upload a diagnostics log for support](how-to-manage-sensors-on-the-cloud.md#upload-a-diagnostics-log-for-support)
 
-### Improved security for uploading protocol plugins
-
-This version of the sensor provides an improved security for uploading proprietary plugins you've created using the Horizon SDK.
-
-:::image type="content" source="media/release-notes/horizon.png" alt-text="Screenshot of the new Protocols DPI (Horizon Plugins) page." lightbox="media/release-notes/horizon.png":::
-
-For more information, see [Manage proprietary protocols with Horizon plugins](resources-manage-proprietary-protocols.md).
-
 ### Sensor names shown in browser tabs
 
 Starting in sensor version 22.2.3, your sensor's name is displayed in the browser tab, making it easier for you to identify the sensors you're working with.