Forum Discussion

amitcohen
Microsoft
Jul 21, 2022

Webinar: Sentinel IT/OT Threat Monitoring

Join us on Thursday 28.7 for a webinar on Sentinel IT/OT Threat Monitoring with Defender for IoT solution.
Learn how Defender for IoT's built-in integration with Sentinel helps bridge the gap between IT and OT security.
 
There has been a long-standing split between ICS/SCADA (OT) and Corporate (IT) cybersecurity. This split was often driven by significant differences in technology/tooling. Microsoft Defender for IoT's integration with Microsoft Sentinel drives convergence by providing a single pane for coverage of both D4IOT (OT) and Microsoft Sentinel (IT) alerting. This solution includes Workbooks and Analytics rules providing a guide to OT detection and analysis.

8 Replies

  • Dean_Gross
    Silver Contributor

    How come the vendor's actions created multiple incidents? I thought that Sentinel would be correlating all of the alerts into one incident. amitcohen

    • amitcohen
      Microsoft

      Hi Dean_Gross,

      It is possible to define in Sentinel whether you want to create a separate incident for each Defender for IoT alert or whether you want to group a few alerts into the same incident.

      • Dean_Gross
        Silver Contributor

        amitcohen I understand that option exists, I just don't understand why it would be necessary. All of the alerts shown in the demo are obviously part of the same incident, so how come they were not correlated automatically? This is supposed to be one of the key benefits of Sentinel

  • Anonymous

    amitcohen Is the webinar also about the way D4IOT alert and device information is made available to Sentinel when using the on-premise management console? As far as I can see, the current documentation is always assuming that a cloud connected sensor is used.

    • amitcohen
      Microsoft

      Defender for IoT integration with Sentinel can be done in two ways; either using cloud-connected sensors or non-cloud-connected sensors.

      In the webinar, we will focus on the new integration that requires a cloud-connected sensor as a prerequisite, since most of the advanced features of a unified OT/IT SOC are available for that kind of integration.
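The incident-grouping option amitcohen describes in the thread above, as an added example that is not from the webinar or from the Defender for IoT solution content: an ARM resource for a Microsoft Sentinel scheduled analytics rule over Defender for IoT alerts in the SecurityAlert table, with alert grouping enabled so that alerts carrying the same source IP entity within a five-hour window land in one incident rather than one incident per alert. The rule name, the KQL entity extraction and the choice of the IP entity as the grouping key are my assumptions; with groupingConfiguration.enabled set to false (the default) each alert still creates its own incident, which is the behaviour Dean_Gross noticed in the demo.

```json
{
  "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
  "apiVersion": "2022-11-01",
  "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/d4iot-alerts-grouped-by-device')]",
  "kind": "Scheduled",
  "properties": {
    "displayName": "Defender for IoT alerts grouped by source device (added example)",
    "description": "Groups Defender for IoT alerts that share a source IP entity into a single incident.",
    "enabled": true,
    "severity": "Medium",
    "query": "SecurityAlert | where ProductName == 'Azure Security Center for IoT' | mv-apply ent = todynamic(Entities) on (where ent.Type == 'ip' | summarize SourceIp = take_any(tostring(ent.Address))) | project TimeGenerated, AlertName, AlertSeverity, Description, SourceIp",
    "queryFrequency": "PT5M",
    "queryPeriod": "PT5M",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "suppressionEnabled": false,
    "suppressionDuration": "PT1H",
    "entityMappings": [
      {
        "entityType": "IP",
        "fieldMappings": [
          { "identifier": "Address", "columnName": "SourceIp" }
        ]
      }
    ],
    "incidentConfiguration": {
      "createIncident": true,
      "groupingConfiguration": {
        "enabled": true,
        "reopenClosedIncident": false,
        "lookbackDuration": "PT5H",
        "matchingMethod": "Selected",
        "groupByEntities": [ "IP" ],
        "groupByAlertDetails": [],
        "groupByCustomDetails": []
      }
    }
  }
}
```

Alerts whose Entities array carries no ip entity are dropped by the mv-apply filter, so a practitioner should confirm the entity types their sensors actually emit before relying on this grouping key.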
