Commit d559fee

Merge pull request #200891 from batamig/snow-api-updates-devices
Sensor 22.2.4 SNOW API updates- Approved 24.07
2 parents 50c4cd9 + b5f7e56 commit d559fee

2 files changed

+35
-10
lines changed

articles/defender-for-iot/organizations/references-work-with-defender-for-iot-apis.md

Lines changed: 20 additions & 8 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Work with Defender for IoT APIs
33
description: Use an external REST API to access the data discovered by sensors and management consoles and perform actions with that data.
4-
ms.date: 01/31/2022
4+
ms.date: 06/08/2022
55
ms.topic: reference
66
---
77

@@ -1557,6 +1557,8 @@ This section describes on-premises management console APIs for:
15571557

15581558
- [ServiceNow Integration API - “/external/v3/integration/ (Preview)](#servicenow-integration-api---externalv3integration-preview)
15591559

1560+
All parameters in Version 3 APIs are optional.
1561+
15601562
### Alert Exclusions
15611563

15621564
Define conditions under which alerts won't be sent. For example, define and update stop and start times, devices or subnets that should be excluded when triggering alerts, or Defender for IoT engines that should be excluded. For example, during a maintenance window, you might want to stop delivery of all alerts, except for malware alerts on critical devices. The items you define here appear in the on-premises management console's Alert Exclusions window as read-only exclusion rules.
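
Review bot: The sentence added at new line 1560, "All parameters in Version 3 APIs are optional.", is broader than the rest of this file supports and sits in an odd place. It lands directly above "### Alert Exclusions", roughly a thousand lines before the ServiceNow v3 endpoints, and those endpoints take path parameters such as the one in "/connections/{timestamp}" that a caller cannot leave out. Suggest moving it under the ServiceNow Integration API heading and narrowing it to query parameters.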
@@ -2671,7 +2673,9 @@ Example:
26712673

26722674
The below API's can be used with the ServiceNow integration via the ServiceNow's Service Graph Connector for Defender for IoT.
26732675

2674-
### Create and update devices
2676+
### devices
2677+
2678+
This API returns data about all devices that were updated after the given timestamp.
26752679

26762680
#### Request
26772681

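Review bot: Renaming the heading at new line 2676 from "### Create and update devices" to "### devices" changes the anchor generated for this section, so any link that targets the old anchor will stop resolving. Search the docs set for inbound links before merging, or keep the old title and name the endpoint in the new description sentence instead.
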
@@ -2694,10 +2698,12 @@ The below API's can be used with the ServiceNow integration via the ServiceNow's
26942698
- Type: JSON
26952699
- Structure:
26962700
-**u_count**” - amount of object in the full result sets, including all pages.
2697-
-**u_devices**” - array of device objects (as defined in the specific device API).
2701+
-**u_devices**” - array of device objects. Each object is defined with the parameters listed in the [device](#device) API.
26982702

26992703
### Connections
27002704

2705+
This API returns data about all device connections that were updated after the given timestamp.
2706+
27012707
#### Request
27022708

27032709
- Path: “/connections/{timestamp}”
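
Review bot: "### Connections" at new line 2703 keeps its capital letter while this commit lowercases the sibling headings to "devices", "device", "sensors" and "devicecves". Pick one convention: lowercase this heading to match the "/connections/{timestamp}" path, or keep title case for all of them. In the same hunk, the rewritten "u_devices" bullet links to "#device", which only resolves because a later hunk renames "### Specific device", so those two edits have to ship together.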
@@ -2721,7 +2727,9 @@ The below API's can be used with the ServiceNow integration via the ServiceNow's
27212727
-**Two Way**
27222728
-**Multicast**
27232729

2724-
### Specific device
2730+
### device
2731+
2732+
This API returns data about a specific device per a given device ID.
27252733

27262734
#### Request
27272735

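Review bot: The description added at new line 2732, "returns data about a specific device per a given device ID", reads awkwardly; "returns data about the device with the given device ID" says the same thing more clearly. The rename to "### device" also replaces the old "specific-device" anchor, so links to it from other articles need updating.
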
@@ -2788,7 +2796,7 @@ The below API's can be used with the ServiceNow integration via the ServiceNow's
27882796
- Array of
27892797
- “**u_id**” - the ID of the deleted device.
27902798

2791-
### Sensors
2799+
### sensors
27922800

27932801
#### Request
27942802

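Review bot: The "### sensors" heading at new line 2799 gets no one-line description, unlike "devices", "Connections" and "device", which each gain a "This API returns ..." sentence in this commit. Add one here so the sections are documented consistently.
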
@@ -2833,8 +2841,9 @@ The below API's can be used with the ServiceNow integration via the ServiceNow's
28332841
- "**STARTING_INSTALLATION**"
28342842
- "**INSTALLING_OPERATING_SYSTEM**"
28352843
- “**u_uid**” - globally unique identifier of the sensor
2844+
- "**u_is_in_learning_mode**" - Boolean indication as to whether the sensor is in Learn mode or not
28362845

2837-
### Device CVEs
2846+
### devicecves
28382847

28392848
#### Request
28402849

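Review bot: The new "u_is_in_learning_mode" bullet at new line 2844 calls the state "Learn mode" while the field name says "learning mode"; use one term and state which Boolean value means the sensor is still learning. "### devicecves" at new line 2846 is also left without the one-line description that other sections receive in this commit.
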
@@ -2843,8 +2852,11 @@ The below API's can be used with the ServiceNow integration via the ServiceNow's
28432852
- Path parameters:
28442853
-**timestamp**” – the time from which updates are required, only later updates will be returned.
28452854
- Query parameters:
2846-
-**page**” - the page number, from the result set (first page is 0, default value is 0)
2847-
-**size**” - the page size (default value is 50)
2855+
-**page**” - Defines the page number, from the result set (first page is 0, default value is 0)
2856+
-**size**” - Defines the page size (default value is 50)
2857+
-**sensorId**” - Shows results from a specific sensor, as defined by the given sensor ID.
2858+
-**score**” - Determines a minimum CVE score to be retrieved. All results will have a CVE score equal to or higher than the given value. Default = **0**.
2859+
-**deviceIds**” - A comma-separated list of device IDs from which you want to show results. For example: **1232,34,2,456**
28482860

28492861
#### Response
28502862

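Review bot: The "score" parameter added at new line 2858 does not say which scoring scale, type or value range it expects, so a caller cannot tell what a valid minimum looks like; state those explicitly. The new bullets also write the default as "Default = **0**" while "page" and "size" just above use "(default value is ...)", and nothing says how "sensorId" and "deviceIds" combine when both are supplied.
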
articles/defender-for-iot/organizations/release-notes.md

Lines changed: 15 additions & 2 deletions
@@ -63,7 +63,7 @@ For more information, see the [Microsoft Security Development Lifecycle practice
6363
|Service area |Updates |
6464
|---------|---------|
6565
|**Enterprise IoT networks** | - [Enterprise IoT purchase experience and Defender for Endpoint integration in GA](#enterprise-iot-purchase-experience-and-defender-for-endpoint-integration-in-ga) |
66-
|**OT networks** |**Sensor software version 22.2.4**:<br>- [Device inventory enhancements](#device-inventory-enhancements)<br><br>**Sensor software version 22.2.3**:<br>- [OT appliance hardware profile updates](#ot-appliance-hardware-profile-updates)<br>- [PCAP access from the Azure portal](#pcap-access-from-the-azure-portal-public-preview)<br>- [Bi-directional alert synch between sensors and the Azure portal](#bi-directional-alert-synch-between-sensors-and-the-azure-portal-public-preview)<br>- [Support diagnostic log enhancements](#support-diagnostic-log-enhancements-public-preview)<br>- [Improved security for uploading protocol plugins](#improved-security-for-uploading-protocol-plugins)<br>- [Sensor names shown in browser tabs](#sensor-names-shown-in-browser-tabs)<br><br>**To update to versions 22.2.3 and higher**:<br>- From version 22.1.x, update directly to the latest version.<br>- From version 10.x, first update to version 21.1.6, and then update again to 22.2.3<br><br>For more information, see [Update Defender for IoT OT monitoring software](update-ot-software.md). |
66+
|**OT networks** |**Sensor software version 22.2.4**: <br>- [Device inventory enhancements](#device-inventory-enhancements)<br>- [Enhancements for the ServiceNow integration API](#enhancements-for-the-servicenow-integration-api)<br><br>**Sensor software version 22.2.3**:<br>- [OT appliance hardware profile updates](#ot-appliance-hardware-profile-updates)<br>- [PCAP access from the Azure portal](#pcap-access-from-the-azure-portal-public-preview)<br>- [Bi-directional alert synch between sensors and the Azure portal](#bi-directional-alert-synch-between-sensors-and-the-azure-portal-public-preview)<br>- [Support diagnostic log enhancements](#support-diagnostic-log-enhancements-public-preview)<br>- [Improved security for uploading protocol plugins](#improved-security-for-uploading-protocol-plugins)<br>- [Sensor names shown in browser tabs](#sensor-names-shown-in-browser-tabs)<br><br>To update to version 22.2.3:<br>- From version 22.1.x, update directly to version 22.2.3<br>- From version 10.x, first update to version 21.1.6, and then update again to 22.2.3<br><br>For more information, see [Update Defender for IoT OT monitoring software](update-ot-software.md). |
6767
|**Cloud-only features** | - [Microsoft Sentinel incident synch with Defender for IoT alerts](#microsoft-sentinel-incident-synch-with-defender-for-iot-alerts) |
6868

6969
### Enterprise IoT purchase experience and Defender for Endpoint integration in GA
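
Review bot: The rewritten **OT networks** row at new line 66 narrows the update guidance from "To update to versions 22.2.3 and higher ... update directly to the latest version" to "To update to version 22.2.3 ... update directly to version 22.2.3", in the same cell that lists 22.2.4 features. That looks like older wording being reintroduced rather than an intended change, and it leaves no update path stated for 22.2.4; restore the "22.2.3 and higher" text unless the narrowing is deliberate. There is also a stray space before "<br>" after "**Sensor software version 22.2.4**:".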
@@ -81,7 +81,7 @@ Defender for IoT’s new purchase experience and the Enterprise IoT integration
8181
8282
### Device inventory enhancements
8383

84-
Starting in sensor versions 22.2.4, you can now take the following actions from the sensor console's **Device inventory** page:
84+
Starting in OT sensor versions 22.2.4, you can now take the following actions from the sensor console's **Device inventory** page:
8585

8686
- **Merge duplicate devices**. You may need to merge devices if the sensor has discovered separate network entities that are associated with a single, unique device. Examples of this scenario might include a PLC with four network cards, a laptop with both WiFi and a physical network card, or a single workstation with multiple network cards.
8787

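Review bot: "Starting in OT sensor versions 22.2.4" at new line 84 uses the plural "versions" for a single version, and "Starting in ... you can now" states the timing twice. Suggest "Starting in OT sensor version 22.2.4, you can take the following actions ...".
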
@@ -95,6 +95,18 @@ Also starting in version 22.2.4, in the sensor console's **Device inventory** pa
9595

9696
For more information, see [Manage your OT device inventory from a sensor console](how-to-investigate-sensor-detections-in-a-device-inventory.md).
9797

98+
### Enhancements for the ServiceNow integration API
99+
100+
OT sensor version 22.2.4 provides enhancements for the `devicecves` API, which gets details about the CVEs found for a given device.
101+
102+
Now you can add any of the following parameters to your query to fine tune your results:
103+
104+
-**sensorId**” - Shows results from a specific sensor, as defined by the given sensor ID.
105+
-**score**” - Determines a minimum CVE score to be retrieved. All results will have a CVE score equal to or higher than the given value. Default = **0**.
106+
-**deviceIds**” - A comma-separated list of device IDs from which you want to show results. For example: **1232,34,2,456**
107+
108+
For more information, see [ServiceNow Integration API - “/external/v3/integration/ (Preview)](references-work-with-defender-for-iot-apis.md#servicenow-integration-api---externalv3integration-preview).
109+
98110
### OT appliance hardware profile updates
99111

100112
We've refreshed the naming conventions for our OT appliance hardware profiles for greater transparency and clarity.
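
Review bot: The first sentence of the new section (new line 100) says `devicecves` "gets details about the CVEs found for a given device", but the reference file in this same commit documents a "timestamp" path parameter and a "deviceIds" list for it, so the endpoint is not limited to one device; reword to match the reference. The three parameter bullets are copied verbatim from the reference article, which creates two places to keep in sync; a short summary plus the existing link would be enough. The link text at new line 108 also opens a quote before "/external/v3/integration/" and never closes it.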
@@ -234,6 +246,7 @@ Check out our new structure to follow through viewing devices and assets, managi
234246
> To send feedback on docs via GitHub, scroll to the bottom of the page and select the **Feedback** option for **This page**. We'd be glad to hear from you!
235247
>
236248
249+
237250
## April 2022
238251

239252
- [Extended device property data in the Device inventory](#extended-device-property-data-in-the-device-inventory)
