Latest Discussions
Deploying D4IoT Sensor to ThinkEdge SE40 - No Root Filesystem
Hi all,

I'm in the process of setting up a POC with D4IoT to showcase to our partners. Unfortunately I've been having trouble installing directly on a ThinkEdge SE40. When trying to install (100 GB profile) it seems like it fails on autocreating the partitions for the system and I'm getting an error displaying "No Root Filesystem". To my understanding there shouldn't be a problem installing on various hardware profiles?

I've tried the following without luck:
- Delete partitions completely
- Create an ext4 partition over 100 GB (112GB) – rest as swap.
- Create an ext4 partition on 100 GB – rest as swap.
- Try and install 60 GB & 8 GB profile and even trying larger versions.

I have no problem installing a normal Ubuntu server on the hardware. I've attached an install log and picture of fault.

I have no problem installing it in a VM - everything works there. So another solution I tried was to back up the VM and load it on the hardware. I was hoping I could run:

    sudo cyberx-management-network-reconfigure

That doesn't seem to be available on the sensor host though. So I tried changing it manually in netplan, which brings the device on the network. But when trying to load the web interface it's just spinning with "Collecting Data" indefinitely.

I think it's a shame if I'm forced to install Proxmox or another hypervisor on the hardware just to run it as a VM.

Hardware Specs: ThinkEdge SE40 Core i5 8365UE / 1.6 GHz - RAM 8 GB - SSD 128 GB

Hope somebody can help me move on.

Best Regards,
Jesper Hauge Rasmussen

Solved | jehara | Jul 01, 2022 | Copper Contributor | 2.4K Views | 0 likes | 9 Comments

Webinar: Sentinel IT/OT Threat Monitoring
Join us on Thursday 28.7 for a webinar on Sentinel IT/OT Threat Monitoring with Defender for IoT solution. Learn how Defender for IoT's built-in integration with Sentinel helps bridge the gap between IT and OT security. Registration is now open, for July 28.

There has been a long-standing split between ICS/SCADA (OT) and Corporate (IT) cybersecurity. This split was often driven by significant differences in technology/tooling. Microsoft Defender for IoT's integration with Microsoft Sentinel drives convergence by providing a single pane for coverage of both D4IOT (OT) and Microsoft Sentinel (IT) alerting. This solution includes Workbooks and Analytics rules providing a guide for OT detection and analysis.

3.3K Views | 0 likes | 8 Comments

Pcap player file upload
Hello All,

I would like to upload multiple files to the Pcap player (System Settings->Pcap Player, see picture below) and let it run. However the browser dialog does not allow me to multi select. As a result, if I have more than one pcap sample, I am supposed to upload them one by one. Is there a way to upload multiple files at once?

Thank you in advance for your time!

Kind regards,
Vanina

Solved | VaninaYord | Mar 16, 2022 | Copper Contributor | 2.9K Views | 0 likes | 7 Comments

Azure Defender for IoT - Version 22.1.4 Release
Microsoft is excited to announce version 22.1.4 release of Azure Defender for IoT. To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs. Download links available at Defender for IoT Management Portal - Microsoft Azure.

What's New?

Version 22.1.4 of Microsoft Defender for IoT delivers extended device inventory information on the Azure portal with extended data for the following fields:
- Description
- Tags
- Protocols
- Scanner
- Last Activity

MD5 Hash - 1ed781cb82492dab1f35983ed331ca0a

About Defender for IoT

Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

arielsgv | Apr 07, 2022 | Microsoft | 2.5K Views | 0 likes | 5 Comments

Azure Defender for IoT - Version 10.5.4 Release
Microsoft is excited to announce version 10.5.4 release of Azure Defender for IoT. To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs. Download links available at Defender for IoT Management Portal - Microsoft Azure.

What's New?

Version 10.5.4 of Microsoft Defender for IoT delivers important security & alert enhancements:
- As of version 10.5.4, all components that were affected by CVE-2021-44228 and CVE-2021-45046 have been upgraded and secured. Customers are strongly encouraged to apply this update as soon as possible. For more information click here.
- Reduce alert volume and enable more efficient targeting and analysis of security and operational events (detailed information in the release notes).
  - Alerts for certain minor events or edge-cases are now disabled.
  - For certain scenarios, similar alerts are minimized in a single alert message.

MD5 Hash - 405726f3eefff28212f4efbddc05445d

About Defender for IoT

Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

arielsgv | Dec 16, 2021 | Microsoft | 2K Views | 0 likes | 5 Comments

Latest Threat Intelligence (February 2024)
Microsoft Defender for IoT has released the February 2024 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

What's new?

Log4j - optimized alerts when interoperating with endpoint AV.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 9e66792f9c3132094054bd61fa1a0e42

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Theo_Cohen | Feb 29, 2024 | Microsoft | 1.1K Views | 2 likes | 4 Comments

Is Raspberry PI Bullseye also supported by Defender for IoT agent installation?
Hello,

As Azure IoT Edge is https://azure.microsoft.com/en-us/updates/azure-iot-edge-supports-debian-bullseye-arm32v7/ on a Raspberry PI, I was hoping to install the Defender for IoT agent on this device. But when I follow the Debian installation steps, I get an exception:

    sudo apt-get install defender-iot-micro-agent
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:
    The following packages have unmet dependencies:
     defender-iot-micro-agent : Depends: libcurl3 but it is not installable
    E: Unable to correct problems, you have held broken packages.

Unfortunately, I'm not able to install libcurl3:

    sudo apt install libcurl3
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Package libcurl3 is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source
    However the following packages replace it:
      libcurl4
    E: Package 'libcurl3' has no installation candidate

Because libcurl3 is mandatory instead of optional, I'm not able to let the installer ignore it. Is there some solution?

Thanks,
Sander

Solved | Sander van de Velde | May 24, 2022 | Copper Contributor | 4.7K Views | 0 likes | 4 Comments

Using API to create exclusion in CM(Central Manager) Server
Hello Everyone,

We can create API to create exclusion in CM based on different parameters like ttl, engines, SensorIds, subnets. However, giving ttl is mandatory, otherwise exclusion can't be created. But I want to create permanent (without giving any TTL) exclusion for all sensors on my side for specific servers in all sensors except Malware engine. Maybe we can create exclusion based on certain TTL values and make that API run at specific time interval to get the time TTL updated. Can we do this in CM? I meant to say that can we schedule it in CM? Any thought or other ideas based on the above requirement or scenario

Haaris_Faizan | Mar 01, 2022 | Brass Contributor | 1.2K Views | 0 likes | 4 Comments

Azure Security Center for IoT Webinar
Interested in learning about Azure Security Center for IoT? Check out our upcoming webinar. Details and registration at https://aka.ms/ASCIoTWebinar.

Azure Security Center for IoT is a new solution that allows organizations to easily protect their IoT deployments with threat protection driven by Microsoft’s unique threat intelligence. You can find more information about it at https://docs.microsoft.com/en-us/azure/asc-for-iot/overview.

The webinar will take place on Monday, August 5, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT. Afterward, the recording will be posted to https://aka.ms/ASCIoTRecordings. We hope you’ll join us!

3.6K Views | 7 likes | 3 Comments

need a D4IOT sensor installation walkthrough - v22.x
Hi there,

Does anyone have a virtual sensor installation walkthrough for the 22.2.4 D4IOT sensor on HyperV? I'm getting some weird errors near the end of the installation. Any tricks to the install? Eventually the installation finished but when I log in there are no docker/container processes running and I can't web to the sensor (but I can ping the sensor and ping the Internet while logged into a shell on the sensor).

Note: 22.1.7 is fine. Upgrading from 22.17 to 22.2.4 is also broken.

Thanks.

Solved | SocInABox | Aug 04, 2022 | Iron Contributor | 1.7K Views | 0 likes | 3 Comments