defender-for-iot/mde-deployment-guide.md
9 additions & 13 deletions
@@ -21,16 +21,6 @@ MDE agents offer various discovery and security capabilities, such as passive mo
21
21
22
22
-[Standard probing](#standard-probing)
23
23
24
-
## General Recommendations
25
-
26
-
General recommendations to set up the MDE agent as an OT discovery data source are:
27
-
28
-
- Minimum Requirement: an MDE agent running in the subnet, if Standard mode is enabled<!-- Is this last part needed? is there something else if the mode is off? -->.
29
-
30
-
- Scanners per VLAN: at least five scanners per VLAN.
31
-
32
-
- Onboarding Devices: onboard any devices with the "Can Be Onboarded" status in order to increase visibility.
33
-
34
24
## Usage Ability
35
25
36
26
- Server 2019 and computers with Build Version 17763
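Review bot: The removed bullet at old line 28 carried an open question in its HTML comment ("is there something else if the mode is off?"), and deleting the whole `## General Recommendations` section drops that question without answering it. If the scanner-count and onboarding recommendations also apply when only passive monitoring is in use, say so somewhere outside the Standard probing section; if they do not, a one-line statement of what passive monitoring requires would close the gap. Removing the heading also removes its `#general-recommendations` anchor, so check for inbound links before merging.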
@@ -51,11 +41,17 @@ Passive monitoring involves silently analyzing network traffic using known endpo
51
41
52
42
Standard probing involves actively probing observed devices in the network to enrich collected data.
53
43
54
-
This mode leverages common discovery protocols that use multicast queries in the network to identify other devices not located using passive monitoring. For example, MDE can use standard probing to actively find devices in your network, which helps build a reliable and coherent device inventory.<!-- this doesnt show and example for this type of probing?-->
44
+
This mode leverages common discovery protocols that use multicast queries in the network to identify other devices not located using passive monitoring. For example, MDE can use standard probing to actively find devices in your network, which helps build a reliable and coherent device inventory.
55
45
56
-
- Requirement: An MDE agent must be running on the LAN or subnet to be monitored.
46
+
General recommendations for standard probing to set up the MDE agent as an OT discovery data source are:
47
+
48
+
- Minimum Requirement: an MDE agent running on the LAN or subnet to be monitored.
49
+
50
+
- Scanners per VLAN: at least five scanners per VLAN.
51
+
52
+
- Onboarding Devices: onboard any devices with the "Can Be Onboarded" status in order to increase visibility.
57
53
58
-
- Functionality: Broadcast packets allow the MDE agent to create the device, <!-- Theo - what does this mean? create the device in the inventory? link to it?find it? identify it? -->though not necessarily with all the information needed for OT classification and CVEs. Based on the initial information discovered, the agent uses standard probing to complete the necessary information using appropriate protocols.
54
+
- Functionality: Broadcast packets allow the MDE agent to create the devicein the inventorythough not necessarily with all the information needed for OT classification and CVEs. Based on the initial information discovered, the agent uses standard probing to complete the necessary information using appropriate protocols.
59
55
60
56
:::image type="content" source="media/mde-agent-deployment-guide/mde-agent-deployment-guide-2.png" alt-text="A diagram showing the standard probing discovery process." lightbox="media/mde-agent-deployment-guide/mde-agent-deployment-guide-2.png":::
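Review bot: The added Functionality bullet (new line 54) lost its spacing when the inline comment was replaced: it now reads "create the devicein the inventorythough not necessarily". Suggest "create the device in the inventory, though not necessarily with all the information needed for OT classification and CVEs", which also restores the comma the old line had. The lead-in at new line 46, "General recommendations for standard probing to set up the MDE agent as an OT discovery data source are:", would read better as "To use the MDE agent as an OT discovery data source with standard probing:". The comment removed from old line 54 asked for an example of this type of probing, and the "For example" sentence is otherwise unchanged, so that request is still open.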