Latest Discussions
How-To Change On-Prem Mgr IP in CLI (docs command invalid)
Can someone advise on the command to change the On-Premise Manager IP address? The command listed on the MS docs (network edit-settings) is not recognized by the OS. https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/references-work-with-defender-for-iot-cli-commands

I can see a configuration file is created at /etc/netplan/01-management.yaml - however, this file is not persistent across reboots.

Solved | ry__panov__ | Nov 29, 2022 | Brass Contributor | 809 Views | 0 likes | 2 Comments

How to remove SSL Certificate on CLI
How can an SSL certificate get removed on the backend through the CLI? When I delete the cert in the GUI, it doesn't seem to actually get removed from the backend. The cert doesn't show in the GUI, but the cert is still recognized in the browser so it appears apache is still seeing it serving it up.

There's a cert folder at: /var/cyberx/keys/certificates
There's a properties folder at: /var/cyberx/properties

Do I just remove the folder and restart apache? Are there any .properties files that need modified?

Solved | ry__panov__ | Oct 06, 2022 | Brass Contributor | 958 Views | 0 likes | 1 Comment

- 2.9K Views | 0 likes | 2 Comments
need a D4IOT sensor installation walkthrough - v22.x
Hi there,

Does anyone have a virtual sensor installation walkthrough for the 22.2.4 D4IOT sensor on HyperV? I'm getting some weird errors near the end of the installation. Any tricks to the install? Eventually the installation finished but when I login there are no docker/container processes running and I can't web to the sensor (but I can ping the sensor and ping the Internet while logged into a shell on the sensor).

Note: 22.1.7 is fine. Upgrading from 22.17 to 22.2.4 is also broken.

Thanks.

Solved | SocInABox | Aug 05, 2022 | Iron Contributor | 1.7K Views | 0 likes | 3 Comments

Deploying D4IoT Sensor to ThinkEdge SE40 - No Root Filesystem
Hi all,

I'm in the process of setting up a POC with D4IoT to showcase to our partners. Unfortunately I've been having trouble installing directly on a ThinkEdge SE40. When trying to install (100 GB profile) it seems like it fails on autocreating the partitions for the system and I'm getting an error displaying "No Root Filesystem". To my understanding there shouldn't be a problem installing on various hardware profiles?

I’ve tried the following without luck:
- Delete partitions completely
- Create an ext4 partition over 100 GB (112GB) – rest as swap.
- Create an ext4 partition on 100 GB – rest as swap.
- Try and install 60 GB & 8 GB profile and even trying larger versions.

I have no problem installing a normal Ubuntu server on the hardware. I’ve attached an install log and picture of fault.

I have no problem installing it in a VM - everything works there. So another solution I tried was to back up the VM and load it on the hardware. I was hoping I could run:

    sudo cyberx-management-network-reconfigure

That doesn't seem to be available on the sensor host though. So I tried changing it manually in netplan, which brings the device on the network. But when trying to load the web interface it's just spinning with "Collecting Data" indefinitely.

I think it's a shame if I'm forced to install Proxmox or another hypervisor on the hardware just to run it as a VM.

Hardware Specs: ThinkEdge SE40 Core i5 8365UE / 1.6 GHz - RAM 8 GB - SSD 128 GB

Hope somebody can help me move on.

Best Regards,
Jesper Hauge Rasmussen

Solved | jehara | Jul 01, 2022 | Copper Contributor | 2.4K Views | 0 likes | 9 Comments

Is Raspberry PI Bullseye also supported by Defender for IoT agent installation?
Hello,

As Azure IoT Edge is https://azure.microsoft.com/en-us/updates/azure-iot-edge-supports-debian-bullseye-arm32v7/ on a Raspberry PI, I was hoping to install the Defender for IoT agent on this device. But when I follow the Debian installation steps, I get an exception:

    sudo apt-get install defender-iot-micro-agent
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
     defender-iot-micro-agent : Depends: libcurl3 but it is not installable
    E: Unable to correct problems, you have held broken packages.

Unfortunately, I'm not able to install libcurl3:

    sudo apt install libcurl3
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Package libcurl3 is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source
    However the following packages replace it:
      libcurl4

    E: Package 'libcurl3' has no installation candidate

Because libcurl3 is mandatory instead of optional, I'm not able to let the installer ignore it. Is there some solution?

Thanks,
Sander

Solved | Sander van de Velde | May 24, 2022 | Copper Contributor | 4.7K Views | 0 likes | 4 Comments

Pcap player file upload
Hello All,

I would like to upload multiple files to the Pcap player (System Settings->Pcap Player, see picture below) and let it run. However the browser dialog does not allow me to multi select. As a result, if I have more than one pcap sample, I am supposed to upload them one by one. Is there a way to upload multiple files at once?

Thank you in advance for your time!

Kind regards,
Vanina

Solved | VaninaYord | Mar 16, 2022 | Copper Contributor | 2.9K Views | 0 likes | 7 Comments

CVE detection mechanism
Hello everyone,

I have a question about the CVEs displayed in the risk assessment report. According to the documentation the list of CVEs is generated based on the detected devices. Does the IoT Defender display the CVEs based on patch or software version? Or does it display CVEs associated with the detected device without further filtering? In other words: How to exclude false positives? Could you give me more information or sources about this matter?

Thank you so much! Have a great day!

Kind regards,
Vanina

Solved | VaninaYord | Mar 15, 2022 | Copper Contributor | 1.7K Views | 0 likes | 3 Comments

Time Threshold For Login failure alert
Hello Everyone,

For Excessive SMB login attempts we have Allowed Failures-10 and for Excessive Login Attempts we have Threshold-20 to trigger alert. May I know what is the time duration to have such failure attempts, as I don't see any time threshold? If there is any time threshold, can we modify it as per our requirements to fine tune this alert?

Solved | Haaris_Faizan | Mar 11, 2022 | Brass Contributor | 1.6K Views | 0 likes | 1 Comment