CloudAppSecurityDocs/network-requirements.md
Lines changed: 9 additions & 0 deletions
@@ -11,6 +11,15 @@ ms.topic: reference
11
11
12
12
This article provides a list of ports and IP addresses you need to allow and allowlist to work with Microsoft Defender for Cloud Apps.
13
13
14
+
In order to stay up to date on IP ranges, it's recommended to refer to the following Azure service tags for Microsoft Defender for Cloud Apps services. The latest IP ranges are found in the service tag. For more information, see [Azure IP ranges](https://azureipranges.azurewebsites.net/).
15
+
16
+
| Service tag name | Defender for Cloud Apps services included |
17
+
|:---|:---|
18
+
| MicrosoftCloudAppSecurity | Portal access, Access and session controls, SIEM agent connection, App connector, Mail server, Log collector. |
19
+
20
+
The following tables list the current static IP ranges covered by the MicrosoftCloudAppSecurity service tag. For latest list, refer to the [Azure service tags](/azure/virtual-network/service-tags-overview) documentation.
21
+
22
+
14
23
## View your data center
15
24
16
25
Some of the requirements below depend on which data center you're connected to.
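Review bot: The two added paragraphs send readers to different places for the current ranges: the first links "Azure IP ranges" to https://azureipranges.azurewebsites.net/, the second points to /azure/virtual-network/service-tags-overview for the "latest list". Use one authoritative reference in both places so firewall allowlists are not built from two lists that can drift apart. The second paragraph also calls the tables "current static IP ranges" while saying the latest list lives elsewhere; say plainly that the tables can lag the MicrosoftCloudAppSecurity service tag, and change "For latest list" to "For the latest list".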
-[Investigate the device details](/defender-endpoint/investigate-machines) to identify behaviors or events that might be related to the alert.
51
51
- In the device details pane, select the ellipsis on the top right to [take response actions on a device](/defender-endpoint/respond-machine-alerts).
52
+
-[Manually update the site associated with a device](manage-sites.md#manually-update-device-site-association) to maintain accurate monitoring of the network traffic.<!-- Devices can be manually updated[Update the site associated with a device.-->
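Review bot: The added list item ends with a leftover HTML comment that has an unclosed bracket, "<!-- Devices can be manually updated[Update the site associated with a device.-->"; remove it before merging. As shown here the item also begins "-[" with no space after the hyphen, unlike the "- In the device details pane" item above it, so check that it renders as a bullet.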
Security admininstrators can manually assign or modify the site location for a device. Manually assigning a site overrides the automatic site association created when making the site.
23
+
24
+
To quickly update a group of devices, select multiple devices from the inventory and set the site for all of the selected devices simulataneously.
25
+
26
+
**To change the site associated with a device**:
27
+
28
+
1. Select **Assets -> Devices** to open the **Device Inventory**.
29
+
30
+
1. Select the device, or group of devices, to update. A list of action buttons appear at the top of the Device Inventory table.
31
+
32
+
1. Select **Set site**. The **Set site** pane opens.
33
+
34
+
:::image type="content" source="media/manage-sites/set-site-from-inventory-boxed.png" alt-text="Screenshot of the set site button in the device inventory table for changing the site location setting" lightbox="media/manage-sites/set-site-from-inventory-boxed.png":::
35
+
36
+
1. In **Set site manually**, open the **Select site** drop down list and select the site to associate with this device. If you want to leave a device unassociated with a specific site, select **Unassigned**.
37
+
38
+
:::image type="content" source="media/manage-sites/device-set-site-manually.png" alt-text="Screenshot of the set site manually drop down list for changing the site location setting" lightbox="media/manage-sites/device-set-site-manually.png":::
39
+
40
+
1. Select **Save and close**.
41
+
42
+
1. The Set site confirmation box appears. Select **Confirm** to finalize the change. Finalizing the change prevents automatic site reassignment based on existing site security rules. This change remains until the device is reset manually.
43
+
44
+
>[!Note]
45
+
>
46
+
>For managing an entire site, instead of manually changing each individual device to a new site, it is recommended to go to **Site security** and use the **Edit site** wizard to more efficiently manage the site and the devices associated to it. For more information, see [Site security](monitor-site-security.md).
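Review bot: The confirmation step says the manual assignment "prevents automatic site reassignment based on existing site security rules" and "remains until the device is reset manually", but the procedure never says how that reset is done. Add the step or a link to it, because a device pinned to the wrong site stays there even when the site rules change. Spelling and agreement in the added text also need fixing: "admininstrators", "simulataneously", and "A list of action buttons appear" (should be "appears").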
defender-for-iot/set-up-sites.md
Lines changed: 1 addition & 1 deletion
@@ -68,7 +68,7 @@ In this stage, you configure Defender for IoT to associate devices to the site,
68
68
69
69
Use the **Group** column to check the ID for each suggested site. Sites with the same ID indicate that the devices are likely located at the same physical location. As these suggested sites are expected to belong to the same site, review and confirm that the devices listed are correct before making your selections and associating the suggested sites.
70
70
71
-
:::image type="content" source="media/set-up-sites/site-security-associate-group.png" alt-text="Screenshot showing the associate devices screen and the suggested list of OT devices per location with the Group column in the site set-up page of Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/set-up-sites/site-security-associate-group.png":::
71
+
:::image type="content" source="media/set-up-sites/site-security-associate-group.png" alt-text="Screenshot showing the associate devices screen and the suggested list of OT devices per location with the Group column in the site set-up page of Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/set-up-sites/site-security-associate-group.png":::
|**OT networks**| - [Manually update the site association of a device](#manually-update-the-site-association-of-a-device)|
23
+
24
+
### Manually update the site association of a device
25
+
26
+
Manually assign or modify the site location for a specific device or set of devices. For more information, see [manually update device site association](manage-sites.md#manually-update-device-site-association).
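Review bot: The link in the new section targets "manage-sites.md#manually-update-device-site-association", but the device-site procedure added elsewhere in this commit shows only a bold lead-in, "To change the site associated with a device", and no heading with that slug is visible. Confirm the target heading exists in manage-sites.md so the anchor does not fall back to the top of the page, and capitalise the link text "manually update device site association" to match the other links.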
defender-xdr/investigate-respond-container-threats.md
Lines changed: 8 additions & 5 deletions
@@ -124,7 +124,9 @@ To determine the full scope of a container attack, you can deepen your investiga
124
124
125
125
In the [Advanced hunting](advanced-hunting-overview.md) page, you can extend your search for container-related activities using the **CloudProcessEvents** and **CloudAuditEvents** tables.
126
126
127
-
The [CloudProcessEvents](advanced-hunting-cloudprocessevents-table.md) table contains information about process events in multi-cloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine. On the other hand, the [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table contains cloud audit events from cloud platforms protected by Microsoft Defender for Cloud. It also contains Kubeaudit logs, which holds information about Kubernetes-related events.
127
+
The [CloudProcessEvents](advanced-hunting-cloudprocessevents-table.md) table contains information about process events in multi-cloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine.
128
+
129
+
The [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table contains cloud audit events from cloud platforms protected by Microsoft Defender for Cloud. It also contains Kubeaudit logs, which holds information about Kubernetes-related events.
128
130
129
131
## Troubleshoot issues
130
132
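Review bot: The second added paragraph keeps "Kubeaudit logs, which holds information"; the verb should agree with "logs", so "which hold". Since the line is being rewritten anyway to split the paragraph, the wording fix can go in the same change.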
@@ -150,7 +152,7 @@ Learn how to access the Cloud Shell and check your network plugins by following
150
152
2. Above the **Essential** information, select **Connect** button and follow the instructions.
151
153
3. The Cloud Shell opens at the bottom of your browser. In the command line interface, run the following command to check your network plugins:
152
154
153
-
**kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1**
The results should mention any of the specified plugins in the network policy requirement. An empty line means that the supported plugin is not installed.
156
158
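Review bot: The context sentence after the command says "An empty line means that the supported plugin is not installed", but when the grep in that pipeline matches nothing the command prints no output at all, not an empty line; reword it to "no output". In the command itself, "head -n 1" shows only the first matching label and "uniq" without a preceding sort only collapses adjacent duplicates, so a cluster running more than one of the listed plugins reports just one. Consider "sort -u" in place of "uniq" and dropping "head -n 1" in whatever form replaces the removed bold line, which is not visible in this hunk.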
@@ -159,7 +161,7 @@ The results should mention any of the specified plugins in the network policy re
159
161
1. Navigate your cluster in Google Cloud Portal.
160
162
2. Select **Connect** above the name of the cluster. In the small window that appears, copy the following command and run it in your local terminal.
161
163
162
-
**kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1**
3. You can also choose **Run in Cloud Shell** to run a shell session that opens at the bottom of your browser. You can copy the command in the interface to check your network plugins.
165
167
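Review bot: Step 2 reads as though the command to copy comes from the window that Connect opens ("In the small window that appears, copy the following command"), yet the command printed next is the network plugin check. Separate the two actions: first connect with the command the window provides, then run the plugin check. Step 3 has the same ambiguity in "copy the command in the interface". The pipeline is also repeated verbatim from the previous section, so a single shared snippet would keep the copies from diverging.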
@@ -170,15 +172,16 @@ The results should mention any of the specified plugins in the network policy re
170
172
1. Navigate to your cluster in AWS Cloud Portal.
171
173
2. Select **CloudShell** on the top-right corner. A Cloud Shell session opens at the bottom of your browser, which provides a command-line interface to manage your AWS resources.
172
174
3. Connect to your cluster by running the following command:</br></br>