Merge pull request #940 from tarTech23/sitec

Site schema

Author: tarTech23

defender-for-iot/TOC.yml

@@ -7,9 +7,11 @@
     - name: Overview
       items:
       - name: What is Microsoft Defender for IoT in the Defender portal?
-        href: microsoft-defender-iot.md      
+        href: microsoft-defender-iot.md    
+      - name: What's new
+        href: whats-new.md  
       - name: Site security
-        href: site-security-overview.md      
+        href: site-security-overview.md  
     - name: Get started
       items:
       - name: Prerequisites

defender-for-iot/investigate-threats.md

@@ -59,4 +59,17 @@ Defender for IoT generates its own unique alert.
 
 | Name | Description |
 |----|----|
-|**Possible operational impact due to a compromised device** |A compromised device communicated with an operational technology (OT) asset. An attacker might be attempting to control or disrupt physical operations. |
+|**Possible operational impact due to a compromised device** |A compromised device communicated with an operational technology (OT) asset. An attacker might be attempting to control or disrupt physical operations. |
+
+## Advanced hunting
+
+Use the **Site** property listed in the **DeviceInfo** table to write queries for advanced hunting. This allows you to filter devices according to a specific site, for example, all devices that communicated with malicious devices at a specific site.
+
+The following query lists all endpoint devices with the specific IP address at the San Francisco site.
+
+```kusto
+DeviceInfo
+|where Site == "SanFrancisco" and PublicIP == "192.168.1.1" and DeviceCategory == "Endpoint"
+```
+
+This is relevant for both the device inventory and site security. For more information, see [Advanced hunting](/../defender-xdr/advanced-hunting-overview) and the [Advanced hunting DeviceInfo schema](/../defender-xdr/advanced-hunting-deviceinfo-table).

defender-for-iot/whats-new.md

@@ -0,0 +1,31 @@
+---
+title: What's new in Microsoft Defender for IoT in the Defender portal
+description: This article describes new features available in Microsoft Defender for IoT in the Defender portal, including both OT and Enterprise IoT networks.
+ms.topic: whats-new
+ms.service: defender-for-iot
+author: lwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 03/07/2024
+ms.custom: enterprise-iot
+---
+
+# What's new in Microsoft Defender for IoT?
+
+This article describes features available in Microsoft Defender for IoT in the Defender portal, across both OT and Enterprise IoT networks.
+
+[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
+
+## July 2024
+
+|Service area  |Updates  |
+|---------|---------|
+| **OT networks** | - [Site property added DeviceInfo schema](#new-site-property-added-deviceinfo-schema) |
+
+### New Site property added DeviceInfo schema
+
+In the advanced hunting tables, the **Site** property is added to the **DeviceInfo** schema. For more information, see [investigate threats](investigate-threats.md#advanced-hunting).
+
+## Next steps
+
+[Get started with Defender for IoT](get-started.md)