Commit dc3a582

initial
1 parent 1b0b890 commit dc3a582

File tree: 2 files changed, +18 -1 lines changed


articles/defender-for-iot/organizations/alerts.md

Lines changed: 8 additions & 1 deletion
@@ -5,7 +5,7 @@ ms.date: 08/06/2023
55
ms.topic: how-to
66
ms.custom: enterprise-iot
77
---
8-
8+
<!-- should we reassess the order of this article, does it make sesne? Could the flow be better? -->
99
# Microsoft Defender for IoT alerts
1010

1111
Microsoft Defender for IoT alerts enhance your network security and operations with real-time details about events logged in your network. Alerts are triggered when OT network sensors detect changes or suspicious activity in network traffic that needs your attention.
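Review bot: the new line 8 commits an author-to-author drafting note ("should we reassess the order of this article, does it make sesne?") into the article source; even though an HTML comment does not render, it ships in the repo, and the typo "sesne" would survive in it. Move the question to a work item or PR comment and drop the line before merge. Also note the unchanged context at the top of the hunk still reads `ms.date: 08/06/2023`; a content change that documents a November 2024 feature should bump `ms.date` in the same commit.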
@@ -50,6 +50,13 @@ For more information, see:
5050

5151
Alert options also differ depending on your location and user role. For more information, see [Azure user roles and permissions](roles-azure.md) and [On-premises users and roles](roles-on-premises.md).
5252

53+
<!-- placing here for initial ease and finding - where should this really go?-->
54+
## Alert grouping
55+
56+
Multiple alerts, from the same alert category, that have the same parameters, ie. the same source and destination IP addresses, are aggregated into one alert report, instead of each alert being displayed individually.
57+
58+
The alert has a violations parameter added to show how many alerts of this type are generated. They can all be remediated simaltaneously using the Learn and Actions recommended, which will apply to all versions of this alert. The alerts can be viewed individually within their respective devices.
59+
5360
## Focused alerts in OT/IT environments
5461

5562
Organizations where sensors are deployed between OT and IT networks deal with many alerts, related to both OT and IT traffic. The amount of alerts, some of which are irrelevant, can cause alert fatigue and affect overall performance. To address these challenges, Defender for IoT's detection policy steers its different [alert engines](alert-engine-messages.md#supported-alert-types) to focus on alerts with business impact and relevance to an OT network, and reduce low-value IT related alerts. For example, the **Unauthorized internet connectivity** alert is highly relevant in an OT network, but has relatively low value in an IT network.
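Review bot: lines 56+ and 58+ need a wording pass before this ships. "ie." should be "that is," (or "for example," if source and destination IP are only one case of matching parameters), "simaltaneously" is misspelled, and "Learn and Actions recommended, which will apply to all versions of this alert" is unclear; say explicitly that the **Learn** action and the recommended remediation steps shown on the grouped alert apply to every aggregated occurrence. "The alerts can be viewed individually within their respective devices" should state where in the UI the individual occurrences are listed (the device page, the alert details pane) so the reader can find them. The placement comment on line 53+ ("placing here for initial ease and finding") is another drafting note that should not be committed; since the paragraph immediately above is about alert options differing by role, a section on how alerts are aggregated reads better near the alert-engine or alert-details material than between "Alert options" and "Focused alerts".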

articles/defender-for-iot/organizations/whats-new.md

Lines changed: 10 additions & 0 deletions
@@ -18,6 +18,16 @@ Features released earlier than nine months ago are described in the [What's new
1818
1919
[!INCLUDE [defender-iot-defender-reference](../includes/defender-for-iot-defender-reference.md)]
2020

21+
## November 2024
22+
23+
|Service area |Updates |
24+
|---------|---------|
25+
| **OT networks** | - [Group multiple alerts with the same parameters](#group-multiple-alerts-with-the-same-parameters)|
26+
27+
### Group multiple alerts with the same parameters
28+
29+
To reduce alert fatigue, multiple versions of an alert from the same category and the same parameters are grouped together, the number of alerts are listed and the appropriate remediation or Learn actions are listed. For more information, see [Group multiple alerts with the same parameters](alerts.md#alert-grouping)
30+
2131
## October 2024
2232

2333
|Service area |Updates |
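Review bot: line 29+ has a grammar error ("the number of alerts are listed" should be "the number of alerts is listed") and is missing its terminating period. The link text "Group multiple alerts with the same parameters" does not match the heading it points to in alerts.md (`## Alert grouping`); use the target heading as the link text, for example `see [Alert grouping](alerts.md#alert-grouping).`, so readers and the link checker see the same name on both sides. The anchor `#group-multiple-alerts-with-the-same-parameters` on line 25+ does match the `###` heading on line 27+, so that one is fine.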
