draft

tarTech23 · tarTech23 · commit fcac1bcdbed3 · 2025-02-18T15:33:31.000+02:00
diff --git a/articles/defender-for-iot/organizations/iot-solution.md b/articles/defender-for-iot/organizations/iot-solution.md
@@ -32,10 +32,6 @@ Before you start, make sure you have the following requirements on your workspac
 
 - A Defender for IoT plan on your Azure subscription with data streaming into Defender for IoT. For more information, see [Quickstart: Get started with Defender for IoT](getting-started.md).
 
-> [!IMPORTANT]
-> Currently, having both the Microsoft Defender for IoT and the [Microsoft Defender for Cloud](../../sentinel/data-connectors/microsoft-defender-for-cloud.md) data connectors enabled on the same Microsoft Sentinel workspace simultaneously may result in duplicate alerts in Microsoft Sentinel. We recommend that you disconnect the Microsoft Defender for Cloud data connector before connecting to Microsoft Defender for IoT.
->
-
 ## Connect your data from Defender for IoT to Microsoft Sentinel
 
 Start by enabling the [Defender for IoT data connector](../../sentinel/data-connectors/microsoft-defender-for-iot.md) to stream all your Defender for IoT events into Microsoft Sentinel.
@@ -63,54 +59,54 @@ After you've connected a subscription to Microsoft Sentinel, you'll be able to v
     **To see all alerts generated by Defender for IoT**:
 
     ```kusto
-    SecurityAlert | where ProductName == "Azure Security Center for IoT"
+    SecurityAlert | where ProviderName == "IoTSecurity"
     ```
 
     **To see specific sensor alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where tostring(parse_json(ExtendedProperties).SensorId) == “<sensor_name>”
     ```
 
     **To see specific OT engine alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "MALWARE"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "ANOMALY"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "PROTOCOL_VIOLATION"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "POLICY_VIOLATION"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "OPERATIONAL"
     ```
 
     **To see high severity alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where AlertSeverity == "High"
     ```
 
     **To see specific protocol alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where PProviderName == "IoTSecurity"
     | where tostring(parse_json(ExtendedProperties).Protocol) == "<protocol_name>"
     ```
 
@@ -146,7 +142,7 @@ In Microsoft Sentinel, use the following query to check the records added to the
 
 ```kql
 SecurityAlert
-|  where ProductName == "Azure Security Center for IoT"
+|  where ProviderName == "IoTSecurity"
 |  where VendorOriginalId == "Defender for IoT Alert ID"
 | sort by TimeGenerated desc
 ```
