Recent Discussions
Deploying D4IoT Sensor to ThinkEdge SE40 - No Root Filesystem
Hi all,

I'm in the process of setting up a POC with D4IoT to showcase to our partners. Unfortunately I've been having trouble installing directly on a ThinkEdge SE40. When trying to install (100 GB profile) it seems like it fails on autocreating the partitions for the system and I'm getting an error displaying "No Root Filesystem". To my understanding there shouldn't be a problem installing on various hardware profiles? I've tried the following without luck:
- Delete partitions completely
- Create an ext4 partition over 100 GB (112 GB) – rest as swap
- Create an ext4 partition on 100 GB – rest as swap
- Try and install the 60 GB & 8 GB profiles and even trying larger versions
I have no problem installing a normal Ubuntu server on the hardware. I've attached an install log and a picture of the fault.

I have no problem installing it in a VM - everything works there. So another solution I tried was to back up the VM and load it on the hardware. I was hoping I could run:
sudo cyberx-management-network-reconfigure
That doesn't seem to be available on the sensor host though. So I tried changing it manually in netplan, which brings the device onto the network. But when trying to load the web interface it's just spinning with "Collecting Data" indefinitely.

I think it's a shame if I'm forced to install Proxmox or another hypervisor on the hardware just to run it as a VM.

Hardware Specs: ThinkEdge SE40, Core i5 8365UE / 1.6 GHz, RAM 8 GB, SSD 128 GB

Hope somebody can help me move on.

Best Regards,
Jesper Hauge Rasmussen

Webinar: Sentinel IT/OT Threat Monitoring
Join us on Thursday 28.7 for a webinar on Sentinel IT/OT Threat Monitoring with the Defender for IoT solution. Learn how Defender for IoT's built-in integration with Sentinel helps bridge the gap between IT and OT security. Registration is now open for July 28.

There has been a long-standing split between ICS/SCADA (OT) and Corporate (IT) cybersecurity. This split was often driven by significant differences in technology/tooling. Microsoft Defender for IoT's integration with Microsoft Sentinel drives convergence by providing a single pane for coverage of both D4IOT (OT) and Microsoft Sentinel (IT) alerting. This solution includes Workbooks and Analytics rules providing a guide to OT detection and analysis.

Pcap player file upload
Hello All,

I would like to upload multiple files to the Pcap player (System Settings -> Pcap Player, see picture below) and let it run. However the browser dialog does not allow me to multi-select. As a result, if I have more than one pcap sample, I am supposed to upload them one by one. Is there a way to upload multiple files at once?

Thank you in advance for your time!

Kind regards,
Vanina

Azure Defender for IoT - Version 22.1.4 Release
Microsoft is excited to announce the version 22.1.4 release of Azure Defender for IoT. To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs. Download links are available at Defender for IoT Management Portal - Microsoft Azure.

What's New?
Version 22.1.4 of Microsoft Defender for IoT delivers extended device inventory information on the Azure portal, with extended data for the following fields:
- Description
- Tags
- Protocols
- Scanner
- Last Activity

MD5 Hash - 1ed781cb82492dab1f35983ed331ca0a

About Defender for IoT
Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

Azure Defender for IoT - Version 10.5.4 Release
Microsoft is excited to announce the version 10.5.4 release of Azure Defender for IoT. To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs. Download links are available at Defender for IoT Management Portal - Microsoft Azure.

What's New?
Version 10.5.4 of Microsoft Defender for IoT delivers important security & alert enhancements:
- As of version 10.5.4, all components that were affected by CVE-2021-44228 and CVE-2021-45046 have been upgraded and secured. Customers are strongly encouraged to apply this update as soon as possible. For more information click here.
- Reduced alert volume, enabling more efficient targeting and analysis of security and operational events (detailed information in the release notes). Alerts for certain minor events or edge cases are now disabled. For certain scenarios, similar alerts are consolidated into a single alert message.

MD5 Hash - 405726f3eefff28212f4efbddc05445d

About Defender for IoT
Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

Latest Threat Intelligence (February 2024)
Microsoft Defender for IoT has released the February 2024 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance
Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

What's new?
- Log4j - optimized alerts when interoperating with endpoint AV.

Update your system with the latest TI package
The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 9e66792f9c3132094054bd61fa1a0e42

For cloud-connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release; click here for more information.

Is Raspberry PI Bullseye also supported by Defender for IoT agent installation?
Hello,

As Azure IoT Edge is https://azure.microsoft.com/en-us/updates/azure-iot-edge-supports-debian-bullseye-arm32v7/ on a Raspberry PI, I was hoping to install the Defender for IoT agent on this device. But when I follow the Debian installation steps, I get an exception:

sudo apt-get install defender-iot-micro-agent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 defender-iot-micro-agent : Depends: libcurl3 but it is not installable
E: Unable to correct problems, you have held broken packages.

Unfortunately, I'm not able to install libcurl3:

sudo apt install libcurl3
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package libcurl3 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  libcurl4

E: Package 'libcurl3' has no installation candidate

Because libcurl3 is mandatory instead of optional, I'm not able to let the installer ignore it. Is there some solution?

Thanks,
Sander

Using API to create exclusion in CM (Central Manager) Server
Hello Everyone,

We can use the API to create exclusions in CM based on different parameters like ttl, engines, SensorIds, subnets. However, giving ttl is mandatory, otherwise the exclusion can't be created. But I want to create a permanent exclusion (without giving any TTL) for all sensors on my side for specific servers in all sensors except the Malware engine. Maybe we can create an exclusion based on certain TTL values and make that API run at a specific time interval to get the TTL updated. Can we do this in CM? I mean to say, can we schedule it in CM?

Any thoughts or other ideas based on the above requirement or scenario?

Azure Security Center for IoT Webinar
Interested in learning about Azure Security Center for IoT? Check out our upcoming webinar. Details and registration at https://aka.ms/ASCIoTWebinar.

Azure Security Center for IoT is a new solution that allows organizations to easily protect their IoT deployments with threat protection driven by Microsoft's unique threat intelligence. You can find more information about it at https://docs.microsoft.com/en-us/azure/asc-for-iot/overview.

The webinar will take place on Monday, August 5, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT. Afterward, the recording will be posted to https://aka.ms/ASCIoTRecordings. We hope you'll join us!

Need a D4IOT sensor installation walkthrough - v22.x
Hi there,

Does anyone have a virtual sensor installation walkthrough for the 22.2.4 D4IOT sensor on Hyper-V? I'm getting some weird errors near the end of the installation. Any tricks to the install? Eventually the installation finished, but when I log in there are no docker/container processes running and I can't web to the sensor (but I can ping the sensor and ping the Internet while logged into a shell on the sensor).

Note: 22.1.7 is fine. Upgrading from 22.17 to 22.2.4 is also broken.

Thanks.

CVE detection mechanism
Hello everyone,

I have a question about the CVEs displayed in the risk assessment report. According to the documentation, the list of CVEs is generated based on the detected devices. Does the IoT Defender display the CVEs based on patch or software version? Or does it display CVEs associated with the detected device without further filtering? In other words: how to exclude false positives? Could you give me more information or sources about this matter?

Thank you so much! Have a great day!

Kind regards,
Vanina

Inventory dashboards and workbooks
Dear MDIoT community,

This is your opportunity to make an impact! Please share with us what dashboards, summarized views, reports or workbooks would be beneficial for you around Device Inventory data. A couple of simple examples:
- Division of device subtypes per VLANs/site/importance
- Report for all newly discovered devices over the past 14 days

Let us know what you think!
Nimrod.

Microsoft Defender for IoT - New Release (OT v22.3.4)
Microsoft Defender for IoT is excited to announce a new major release of the OT sensor version (22.3.4). To learn more, visit Defender for IoT Release Notes | Microsoft Docs. Download links are available at Defender for IoT Management Portal - Microsoft Azure.

What's New?
Service area: OT networks
Updates: Version 22.3.4: Azure connectivity status shown on OT sensors

MD5 Hash - f781734c1b8e2baf94f7a1fd6508df79

About Defender for IoT
Microsoft Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Microsoft Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

How-To Change On-Prem Mgr IP in CLI (docs command invalid)
Can someone advise on the command to change the On-Premises Manager IP address? The command listed on the MS docs (network edit-settings) is not recognized by the OS. https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/references-work-with-defender-for-iot-cli-commands

I can see a configuration file is created at /etc/netplan/01-management.yaml; however, this file is not persistent across reboots.

Sentinel OT | Solution Package Release V2.0.1
We are happy to announce that new content is now available in Microsoft Sentinel's content hub for the Defender for IoT solution package V2.0.1.

In this release we are introducing a set of new features available in the most up-to-date Microsoft Defender for IoT solution package:
- Solution name changed to Microsoft Defender for IoT.
- Enhanced management capabilities for the Defender for IoT Content Hub Solution - see the deployed content in a single pane and easily manage that content. For more info click here.
- Workbook improvements - the workbook now includes:
  - A new Overview dashboard with key metrics on the device inventory, threat detection, and security posture.
  - A new Vulnerabilities dashboard.
  - Improvements on the Device inventory dashboard, including access to device recommendations, vulnerabilities, and direct links to the Defender for IoT device details pages.
- Playbook updates - the solution now supports the following SOC automation functionality with new playbooks:
  - Automation with CVE details (auto-triage incidents with active CVEs)
  - Automation for email notifications to device owners
  - Automation for incidents with sensitive devices

For more information, see Investigate Microsoft Defender for IoT incidents with Microsoft Sentinel.
Can I Connect on-premises management console to Defender for IoT Portal
I have set up the on-premises management console and activated it. I connected one offline sensor using the connection string; the sensor is connected to the management console and is sending its device inventory to the management console. I don't see that device inventory in the Defender for IoT portal (like the online sensor). Is that expected behavior? The management console doesn't show in the IoT portal! How do I forward the alerts from the management console to the IoT portal (or to Microsoft Sentinel)? In the forwarding rule section it asks about the Azure Sentinel host name; not sure what to enter in this field?

Defender for IoT Automating processes
Hello,

I am trying to automate some processes we are performing using Defender for IoT, running on a virtual machine in Azure. Part of the tasks can be performed using the Defender for IoT CLI, another part can be done using the API functionalities. However, there are some tasks for which I cannot yet find a way to perform them. A good example of such a task is playing pcap files. You can upload the pcap files to the desired location using a script. Is it possible to play the files using a script / some other way?

Any input will be much appreciated. Thank you for your time.

Kind regards,
Vanina
Recent Blogs
- What Does This Playbook Do? This new automated playbook sends real-time email notifications whenever a sensor disconnects from the cloud. This ensures you're immediately alerted if there's an issue... (Mar 20, 2025)
- We are excited to announce that Single Sign-On (SSO) is now available for the sensor console! This new feature streamlines the login process by using Entra ID, enhancing security and convenience for ... (May 02, 2024)