articles/defender-for-iot/organizations/how-to-configure-with-sentinel.md
13 additions & 9 deletions
@@ -2,34 +2,38 @@
2
2
title: Configure Azure Sentinel with Defender for IoT for organizations
3
3
description: Explains how to configure Azure Sentinel to receive data from your Defender for IoT solution.
4
4
ms.topic: how-to
5
-
ms.date: 06/14/2021
5
+
ms.date: 11/08/2021
6
6
---
7
7
8
8
# Connect your data from Defender for IoT for organizations to Azure Sentinel (Public preview)
9
9
10
-
Use the Defender for IoT connector to stream all your Defender for IoT events into Azure Sentinel.
10
+
Use the Defender for IoT connector to stream all your Defender for IoT events into Azure Sentinel.
11
11
12
-
This integration enables organizations to quickly detect multistage attacks that often cross IT and OT boundaries. Additionally, Defender for IoT’s integration with Azure Sentinel's security orchestration, automation, and response (SOAR) capabilities enables automated response and prevention using built-in OT-optimized playbooks.
12
+
This integration enables organizations to quickly detect multistage attacks that often cross IT and OT boundaries. Additionally, Defender for IoT’s integration with Azure Sentinel's security orchestration, automation, and response (SOAR) capabilities enable automated response and prevention using built-in OT-optimized playbooks.
13
13
14
14
## Prerequisites
15
15
16
16
-**Read** and **Write** permissions on the Workspace onto which Azure Sentinel is deployed
17
+
17
18
-**Defender for IoT** must be **enabled** on your relevant IoT Hub(s)
19
+
18
20
- You must have **Contributor** permissions on the **Subscription** you want to connect
19
21
20
22
## Connect to Defender for IoT
21
23
22
24
1. In Azure Sentinel, select **Data connectors** and then select the **Defender for IoT** (may still be called Azure Security Center for IoT) from the gallery.
23
25
24
-
1. From the bottom of the right pane, click **Open connector page**.
26
+
1. From the bottom of the right pane, select **Open connector page**.
27
+
28
+
1. Select **Connect**, next to each subscription whose alerts and device alerts you want to stream into Azure Sentinel.
25
29
26
-
1. Click **Connect**, next to each IoT Hub subscription whose alerts and device alerts you want to stream into Azure Sentinel.
27
-
- You will receive an error message if Defender for IoT is not enabled on at least one IoT Hub within a subscription. Enable Defender for IoT within the IoT Hub to remove the error.
30
+
> [!NOTE]
31
+
>You will receive an error message if Defender for IoT is not enabled on at least one IoT Hub within that subscription. Enable Defender for IoT within the IoT Hub to remove the error.
28
32
29
-
1. You can decide whether you want the alerts from Defender for IoT to automatically generate incidents in Azure Sentinel. Under **Create incidents**, select **Enable** to enable the default analytics rule to automatically create incidents from the generated alerts. This rule can be changed or edited under **Analytics** > **Active rules**.
33
+
1. You can decide whether you want the alerts from Defender for IoT to automatically generate incidents in Azure Sentinel. Under **Create incidents**, select **Enable** to enable the default analytics rule to automatically create incidents from the generated alerts. This rule can be changed or edited under **Analytics** > **Active rules**.
30
34
31
35
> [!NOTE]
32
-
> It can take 10 seconds or more for the **Subscription** list to refresh after making connection changes.
36
+
> It can take 10 seconds or more for the **Subscription** list to refresh after making connection changes.
33
37
34
38
## Log Analytics alert view
35
39
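Review bot: At new line 12, changing "enables" to "enable" breaks subject-verb agreement. The subject of that sentence is "Defender for IoT's integration", which is singular, so the original "enables automated response and prevention" was correct and should be kept. In the new note at lines 30-31, ">You will receive" is missing the space after ">" that the existing note ("> It can take 10 seconds or more") uses. The Connect step now says "each subscription" while the note and the prerequisites still refer to IoT Hubs, so please confirm that dropping "IoT Hub" from the step is intended.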
@@ -51,4 +55,4 @@ After connecting a **Subscription**, the hub data is available in Azure Sentinel
51
55
52
56
In this document, you learned how to connect Defender for IoT to Azure Sentinel. To learn more about threat detection and security data access, see the following articles:
53
57
54
-
- Learn how to use Azure Sentinel to [Quickstart: Get started with Azure Sentinel](../../sentinel/get-visibility.md).
58
+
- Learn how to use Azure Sentinel to [Quickstart: Get started with Azure Sentinel](../../sentinel/get-visibility.md)
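Review bot: The bullet at new line 58 still reads "Learn how to use Azure Sentinel to [Quickstart: Get started with Azure Sentinel]", which is not a complete sentence because "to" runs straight into the link title; removing the trailing period does not address that. Suggest rewording it as "To learn how to use Azure Sentinel, see [Quickstart: Get started with Azure Sentinel](../../sentinel/get-visibility.md)." The lead-in also says "see the following articles", but only one link is visible in this hunk.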