cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Use Azure Workbooks in Microsoft Defender for IoT
By
Yairzarka
Published Mar 22 2022 07:44 AM 4,400 Views
Yairzarka
Microsoft
‎Mar 22 2022 07:44 AM

Use Azure Workbooks in Microsoft Defender for IoT

‎Mar 22 2022 07:44 AM

CISOs and security administrators have a lot on their plate. Managing OT/IoT security posture across different sites and systems requires constant attention. Now, Defender for IoT makes this easy to do with built in workbooks providing at-a-glance visibility to sensor health, alerts, and device inventory.

 

In this blog post, learn how to use workbooks created by Microsoft or create your own custom workbooks.

 

Yairzarka_1-1647951512894.png

 

Each workbook graph or chart is based on an Azure Resource Graph query running on your data. In Defender for IoT, you might use ARG queries to:

  • Gather sensor statuses
  • Identify new devices in your network
  • Find alerts related to specific IP addresses
  • Understand which alerts are seen by each sensor.

 

Working with Workbooks

ARG queries can be integrated into Dashboards or Workbooks, enabling you to see your data where it is most relevant. Each query can be presented both textually and graphically. To view out-of-the-box workbooks created by Microsoft, or other workbooks already saved to your subscription, go to Defender for IoT and select Workbooks on the left.

 

Yairzarka_2-1647951512902.png

Defender for IoT provides the following workbooks out-of-the-box:

  • Sensor health. Displays data about your sensor health, such as the sensor console software versions installed on your sensors.
  • Alerts. Displays data about alerts occurring on your sensors, including alerts by sensor, alert types, recent alerts generated, and more.
  • Devices. Displays data about your device inventory, including devices by vendor, subtype, and new devices identified.

 

Create Custom Workbooks

 

Use the Defender for IoT Workbooks page to create custom Azure Monitor workbooks directly in Defender for IoT.

  1. On the Workbooks page, select New, or to start from another template, open the template workbook and select Edit.
  2. In your new workbook, select Add, and select the option you want to add to your workbook. If you're editing an existing workbook or template, select the options (...) button on the right to access the Add menu.

query.gif

 

 

Queries can be both predefined, and open to user input. 

In the toolbar, select “Save” or “Save as” to save your workbook, and then select Done editing.

 

Community

For more workbooks and other great content, we invite you to join Defender for IoT’s private community. This is a great place to collaborate with peers, gain access to early designs and features and share feedback that will directly influence our features before they become public. To join us, follow this link: https://aka.ms/PrSecCom.

 

 

Examples

To make the most of ARG queries, you can use one of the following example queries, or build your own queries using the Azure Resource Graph Explorer.

 

Sensor Health

 

 

 

iotsecurityresources

| where type == "microsoft.iotsecurity/sensors"

| extend Status= properties.sensorStatus

| summarize count() by tostring(Status)

 

 

 

 

Alerts

  • New alerts from the last 24 hours.

 

 

 

iotsecurityresources
| where type == "microsoft.iotsecurity/locations/devicegroups/alerts"
| where properties.status!='Closed'
| extend AlertTime=properties.startTimeUtc
| extend Type=properties.displayName
| extend DeviceID= properties.extendedProperties.DeviceId
| where AlertTime > ago(1d)
| project AlertTime, Type, DeviceID

 

 

 

 

For more information on related tools, see the following pages:

 

0 Likes
Like
1 Comment
Co-Authors
Version history
Last update:
‎Mar 22 2022 06:41 AM
Updated by:
Labels