Merge pull request #216584 from batamig/patch-251

adding H3, moving category list

Author: prmerger-automator[bot]

articles/defender-for-iot/organizations/alert-engine-messages.md

@@ -1,19 +1,19 @@
 ---
-title: Alert types and descriptions
-description: Review Defender for IoT Alert descriptions.
-ms.date: 12/13/2021
-ms.topic: how-to
+title: OT monitoring alert types and descriptions
+description: Learn more about the alerts that are triggered for traffic on OT networks.
+ms.date: 11/01/2022
+ms.topic: reference
 ---
 
-# Alert types and descriptions
+# OT monitoring alert types and descriptions
 
 This article provides information on the alert types, descriptions, and severity that may be generated from the Defender for IoT engines. This information can be used to help map alerts into playbooks, define Forwarding rules, Exclusion rules, and custom alerts and define the appropriate rules within a SIEM. Alerts appear in the Alerts window, which allows you to manage the alert event.
 
 ### Alert news
 
-New alerts may be added and existing alerts may be updated or disabled. Certain disabled alerts can be re-enabled from the Support page of the sensor console. Alerts that can be re-enabled are marked with an asterisk (*) in the tables below.
+New alerts may be added and existing alerts may be updated or disabled. Certain disabled alerts can be re-enabled from the **Support** page of the sensor console. Alerts that can be re-enabled are marked with an asterisk (*) in the tables below.
 
-You may have configured newly disabled alerts in your Forwarding rules. If so, you may need to update related Defender for IoT Exclusion rules, or update SIEM rules and playbooks where relevant.  
+You may have configured newly disabled alerts in your Forwarding rules. If so, you may need to update related Defender for IoT Exclusion rules, or update SIEM rules and playbooks where relevant.
 
 See  [What's new in Microsoft Defender for IoT?](release-notes.md#whats-new-in-microsoft-defender-for-iot) for detailed information about changes made to alerts.
 
@@ -27,6 +27,40 @@ See  [What's new in Microsoft Defender for IoT?](release-notes.md#whats-new-in-m
 | Malware alerts | Triggered when the Malware engine detects malicious network activity. For example, the engine detects a known attack such as Conficker. |
 | Anomaly alerts | Triggered when the Anomaly engine detects a deviation. For example, a device is performing network scans but isn't defined as a scanning device. |
 
+## Supported alert categories
+
+Each alert has one of the following categories:
+
+:::row:::
+   :::column span="":::
+      - Abnormal Communication Behavior
+      - Abnormal HTTP Communication Behavior
+      - Authentication
+      - Backup
+      - Bandwidth Anomalies
+      - Buffer overflow
+      - Command Failures
+      - Configuration changes
+      - Custom Alerts
+      - Discovery
+      - Firmware change
+      - Illegal commands
+   :::column-end:::
+   :::column span="":::
+      - Internet Access
+      - Operation Failures
+      - Operational issues
+      - Programming
+      - Remote access
+      - Restart/Stop Commands
+      - Scan
+      - Sensor traffic
+      - Suspicion of malicious activity
+      - Suspicion of Malware
+      - Unauthorized Communication Behavior
+      - Unresponsive
+   :::column-end:::
+:::row-end:::
 
 ## Policy engine alerts
 

articles/defender-for-iot/organizations/how-to-manage-cloud-alerts.md

@@ -60,7 +60,7 @@ The following alert details are displayed by default in the grid:
 | **Source device** | The IP address, MAC, or device name. |
 | **Tactics** | The MITRE ATT&CK stage. |
 
-**To view additional information:**
+### View more alert details
 
 1. Select **Edit columns** from the Alerts page.
 1. In the Edit Columns dialog box, select **Add Column** and choose an item to add. The following items are available:
@@ -87,39 +87,6 @@ For example, filter alerts by **Category**:
 
 :::image type="content" source="media/how-to-view-manage-cloud-alerts/category-filter.png" alt-text="Screenshot of the Category filter option in Alerts page in the Azure portal.":::
 
-Supported categories include:
-
-:::row:::
-   :::column span="":::
-      - Abnormal Communication Behavior
-      - Abnormal HTTP Communication Behavior
-      - Authentication
-      - Backup
-      - Bandwidth Anomalies
-      - Buffer overflow
-      - Command Failures
-      - Configuration changes
-      - Custom Alerts
-      - Discovery
-      - Firmware change
-      - Illegal commands
-   :::column-end:::
-   :::column span="":::
-      - Internet Access
-      - Operation Failures
-      - Operational issues
-      - Programming
-      - Remote access
-      - Restart/Stop Commands
-      - Scan
-      - Sensor traffic
-      - Suspicion of malicious activity
-      - Suspicion of Malware
-      - Unauthorized Communication Behavior
-      - Unresponsive
-   :::column-end:::
-:::row-end:::
-
 ### Group alerts displayed
 
 Use the **Group by** menu at the top right to collapse the grid into subsections according to specific parameters.

articles/defender-for-iot/organizations/release-notes.md

@@ -60,6 +60,22 @@ For more information, see the [Microsoft Security Development Lifecycle practice
 | 10.5.3 | 10/2021 | 07/2022 |
 | 10.5.2 | 10/2021 | 07/2022 |
 
+## October 2022
+
+|Service area  |Updates  |
+|---------|---------|
+|**OT networks**     | [Enhanced OT monitoring alert reference](#enhanced-ot-monitoring-alert-reference) |
+
+### Enhanced OT monitoring alert reference
+
+Our alert reference article now includes the following details for each alert:
+
+- **Alert category**, helpful when you want to investigate alerts that are aggregated by a specific activity or configure SIEM rules to generate incidents based on specific activities
+
+- **Alert threshold**, for relevant alerts. Thresholds indicate the specific point at which an alert is triggered. Modify alert thresholds as needed from the sensor's **Support** page.
+
+For more information, see [OT monitoring alert types and descriptions](alert-engine-messages.md), specifically [Supported alert categories](alert-engine-messages.md#supported-alert-categories).
+
 ## September 2022
 
 |Service area  |Updates  |
@@ -855,4 +871,4 @@ Unicode characters are now supported when working with sensor certificate passph
 
 ## Next steps
 
-[Getting started with Defender for IoT](getting-started.md)
+[Getting started with Defender for IoT](getting-started.md)