defender-for-iot/get-started.md
2 additions & 2 deletions
@@ -43,6 +43,6 @@ To add a trial license for Microsoft Defender for IoT:
43
43
44
44
Once you have a trial license, [set up a new site](set-up-sites.md) so that Microsoft Defender for IoT can begin sending data to the Defender portal.
45
45
46
-
## Public preview features
46
+
## Turn on Public preview features
47
47
48
-
We recommend that you also turn on and benefit from the available [Defender portal preview features](/defender-xdr/preview#turn-on-preview-features).
48
+
Turn on the public preview features in the Microsoft Defender XDR settings to enable the site security features. Directions to change the settings are available in[Defender portal preview features](/defender-xdr/preview#turn-on-preview-features).
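Review bot: The added sentence is missing a space before the link (`available in[Defender portal preview features]`), so "in" runs into the link text when rendered. The new heading also mixes cases: the other headings visible in this commit use sentence case ("Add device group", "Review site protection information"), so "Turn on public preview features" would match. The wording moves from a recommendation to a step that enables the site security features; if the setting is a prerequisite, say so explicitly.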
defender-for-iot/investigate-threats.md
6 additions & 6 deletions
@@ -11,19 +11,19 @@ ms.topic: how-to
11
11
12
12
# Investigate incidents and alerts
13
13
14
-
Microsoft Defender for IoT in the Microsoft Defender portal displays incidents and alerts, which enhance your network security and operations with real-time details about events logged in your operational technology (OT) network.
14
+
Microsoft Defender for IoT in the Microsoft Defender portal displays incidents and alerts, which enhance your network security and operations with real-time details about events logged in your operational technology (OT) network.
15
15
16
-
Alerts are the basis of all incidents and indicate the occurrence of malicious or suspicious events in your environment. Within an incident, you analyze the alerts that affect your network, understand what they mean, and collate the evidence so that you can devise an effective remediation plan.
16
+
Alerts are the basis of all incidents and indicate the occurrence of malicious or suspicious events in your environment. Within an incident, you analyze the alerts that affect your network, understand what they mean, and collate the evidence so that you can devise an effective remediation plan.
17
17
18
18
Learn more about [alerts](/defender-xdr/investigate-alerts) and [incidents](/defender-xdr/investigate-incidents) in the Defender portal.
19
19
20
20
In this article, you learn how to investigate a Microsoft Defender for IoT incident and its associated alerts, and how to remediate the security issues raised by the alert.
21
21
22
-
Alerts in the **Incidents** page uniquely combine IT and OT environment signals to detect potential threats and data leaks. The **Incidents** page displays:
22
+
Alerts in the **Incidents** page uniquely combine IT and OT environment signals to detect potential threats and data leaks. The **Incidents** page displays:
23
23
24
24
- A history of the alerts connected to the incident and an incident graph. The graph shows other devices connected to the affected OT device that might also be compromised.
25
25
- Alert descriptions, which explain the type of detected security issue.
26
-
- Remediation options to solve the security problem.
26
+
- Remediation options to solve the security problem.
27
27
28
28
> [!NOTE]
29
29
> Incident and alert data for Defender for IoT only appear once you have a site set up and your devices are sending data to the Defender portal. Learn how to [set up a site](set-up-sites.md).
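Review bot: The four removed/added pairs in this hunk (the two intro paragraphs, the "Alerts in the **Incidents** page" sentence and the "Remediation options" bullet) read identically on both sides, so they appear to be whitespace-only edits. If this is trailing-whitespace cleanup, say so in the commit message so reviewers do not look for a wording change that is not there.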
@@ -45,13 +45,13 @@ To investigate an alert:
45
45
46
46
1. Locate and select an incident.
47
47
48
-
The specific incident page shows the attack story made up of the alert timeline, an incident graph and the incident details. The incident graph displays the OT device and the other IT or IoT devices connected to this alert, to show possible compromised connections.
48
+
The specific incident page shows the attack story made up of the alert timeline, an incident graph and the incident details.
49
49
50
50
1. Select an alert from the alerts list.
51
51
52
52
The incident graph and incident details display specific data for this alert.
53
53
54
-
1. In the **Incident** panel, review the information, read the **Alert description** and follow the **Alert recommended actions** to remediate the issue.
54
+
1. In the **Incident** panel, review the information, read the **Alert description**, **Evidence** and **Impacted assetts** and follow the **Alert recommended actions** to remediate the issue.
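Review bot: Typo in the added step 3: `**Impacted assetts**` should be `**Impacted assets**`, and because it is bolded as a UI label it should match the portal text exactly. Separately, step 1 drops the sentence explaining that the incident graph shows the OT device and the connected IT or IoT devices; the bullet earlier in this file ("The graph shows other devices connected to the affected OT device that might also be compromised") still covers this, so please confirm the removal is deliberate.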
defender-for-iot/manage-sites.md
4 additions & 6 deletions
@@ -22,13 +22,11 @@ When you manage a site, you might need to edit or delete the site information li
22
22
To edit or delete a site:
23
23
24
24
1. In the [Microsoft Defender portal](https://security.microsoft.com/machines) menu, select **Operational technology** > **Site security**.
25
-
1. Select the ellipsis (:::image type="icon" source="media/manage-sites/menu-ellipsis.png" alt-text="menu vertical ellipsis button":::) to the right of the site name.
25
+
1. Select the ellipsis (:::image type="icon" source="media/manage-sites/menu-ellipsis.png" alt-text="menu vertical ellipsis button":::) to the right of the site name.
26
26
1. Select one of the following:
27
27
28
-
- Select **Edit site**.to open the **Site details** pane, where you can make changes to the site. For more information, see [Site details](set-up-sites.md).
29
-
- Select **Delete site** to remove a site from the site list.
30
-
31
-
This deletes all site-related information for the associated devices.
28
+
- Select **Edit site** to open the **Site details** pane, where you can make changes to the site. For more information, see [Site details](set-up-sites.md).
29
+
- Select **Delete site** to remove a site from the site list. This deletes all site-related information for the associated devices.
32
30
33
31
## Add device group
34
32
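Review bot: Folding "This deletes all site-related information for the associated devices." into the **Delete site** bullet makes the consequence of a destructive action less prominent than the separate paragraph it replaces. Consider a callout (this commit's files already use `> [!NOTE]`) and state whether the deletion can be undone, which the text does not say. The correction of `**Edit site**.to` is good.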
@@ -39,7 +37,7 @@ You can set up a device group at different stages:
39
37
- To set up a device group as part of the site setup, see [Add a device group](set-up-sites.md#add-device-group).
40
38
- To set up a device group after you set up a site, see [Create and manage device groups](/defender-endpoint/machine-groups).
41
39
42
-
To get the full benefit of the device group, you might need to create roles and permission settings. For more information, see:
40
+
To get the full benefit of the device group, you might need to create roles and permission settings. For more information, see:
43
41
44
42
-[Role based access control in Microsoft Defender for Endpoint](/defender-endpoint/rbac)
45
43
-[Create and manage roles in Microsoft Defender for Endpoint](/defender-endpoint/user-roles)
defender-for-iot/monitor-site-security.md
4 additions & 4 deletions
@@ -11,7 +11,7 @@ ms.topic: how-to
11
11
12
12
# Monitor site security
13
13
14
-
Microsoft Defender for IoT in the Microsoft Defender portal includes the **Site security** page, which offers an overview of the security state of your entire OT/IoT network. Your organization's security team can use this page to regularly monitor the security status of your production sites.
14
+
Microsoft Defender for IoT in the Microsoft Defender portal includes the **Site security** page, which offers an overview of the security state of your entire OT environment. Your organization's security team can use this page to regularly monitor the security status of your production sites.
15
15
16
16
In this article, you learn how to gain an overview of your site security, so your security team can decide how to prioritize and assign security issues.
17
17
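Review bot: The replacement in the intro paragraph changes "entire OT/IoT network" to "entire OT environment", which removes IoT from the stated scope as well as swapping "network" for "environment". If the **Site security** page still covers IoT devices, keep that in the sentence (for example "OT/IoT environment"); if the scope is now OT only, the commit message should say so.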
@@ -31,7 +31,7 @@ The **Site security** page gives you an overview of the security status of your
31
31
-[Review the top **How protected are your sites** section](#review-site-protection-information) to get a general overview of your entire network, including sites with the highest number of devices that are exposed or at risk.
32
32
-[Review the site list](#review-the-site-list) to monitor specific security information for each site.
33
33
34
-
The data displayed in the **Site security** page is the total aggregated data for the entire network, and might include data for sites that you don't have access to. When you drill down into device data from the [site list](#review-the-site-list), the **Device Inventory** page only displays data for devices you can access.
34
+
The data displayed in the **Site security** page is the total aggregated data for the entire environment, and might include data for sites that you don't have access to. When you drill down into device data from the [site list](#review-the-site-list), the **Device Inventory** page only displays data for devices you can access.
35
35
36
36
## Review site protection information
37
37
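Review bot: After this change the paragraph says "entire environment", but the first bullet two lines above it in the same hunk still says "a general overview of your entire network". Pick one term and apply it to both lines so readers do not assume two different scopes.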
@@ -49,11 +49,11 @@ Review the top **How protected are your sites** section to get the following inf
49
49
50
50
Review the site specific data in the sites list table.
51
51
52
-
Note that the data displayed in this table is the total aggregated data for the entire network, and might include data for sites that you don't have access to. When you drill down into device data, the **Device Inventory** page only displays data for devices you can access.
52
+
Note that the data displayed in this table is the total aggregated data for the entire environment, and might include data for sites that you don't have access to. When you drill down into device data, the **Device Inventory** page only displays data for devices you can access.
53
53
54
54
|Column | Description|Next steps |
55
55
|----|----|----|
56
56
|**Site name** |The site name and description. |- Select the **Site name** to open the **Insights** panel. This panel displays site details, such as total devices, site location, and site owners. You can also select **Edit site** to make changes to the site.<br>- Select the ellipsis (:::image type="icon" source="media/monitor-site-security/menu-ellipsis.png" alt-text="menu vertical ellipsis button":::) to the right of the site name to [manage the site](manage-sites.md).
57
57
|**Critical devices**|The number of critical devices at this site. A critical device is a self assigned device that has extra importance to your business or system, such as a server that contains confidential data. |- Use this data to prioritize protection for sites with critical devices.<br>- Select the number to open the **Device Inventory** page, filtered according to the site name and criticality level. |
58
58
|**Highly-exposed devices**|The number of highly exposed devices at this site. |Select the number to open the **Device Inventory** page, filtered according to the site name and high exposure level. |
59
-
|**Devices with high risk**|The number of high risk devices at this site. |Select the number to open the **Device Inventory** page, filtered according to the site name and high risk level. |
59
+
|**Devices with high risk**|The number of high risk devices at this site. |Select the number to open the **Device Inventory** page, filtered according to the site name and high risk level. |
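Review bot: The changed "Note that the data displayed in this table ..." paragraph repeats the access-scope paragraph edited in the previous hunk almost word for word, so the two now have to be kept in sync by hand; consider keeping one and making it a `> [!NOTE]` callout. In the table below it, the **Site name** row has no closing `|` while the other rows do, and the **Devices with high risk** row change shows no visible difference (whitespace only).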