Defender for IoT Automating processes

Hello,

I am trying to automate some processes we are performing using Defender for IoT, running on a virtual machine in Azure.

Part of the tasks can be performed using the Defender for IoT CLI, another part can be done using the API functionalities. However, there are some tasks that I cannot yet find a way to perform. A good example of such a task is playing pcap files. You can upload the pcap files to the desired location using a script. Is it possible to play the files using a script or some other way?

Any input will be much appreciated.

Thank you for your time.

Kind regards,

Vanina

2 Replies

@VaninaYord  

You can upload PCAP files offline to your sensor machine and stream the data.
The files are limited to 2GB.
To enable the PCAP player via the sensor UI, open: "system settings" -> "advanced configuration" -> PCAP -> change the value of Pcap_enabler from 0 to 1.
Once you do that, the PCAP Player option will be displayed as part of system settings -> basic.
From there you can upload files and run them; results will be displayed on your D4IoT map / inventory / alerts / ...

 

You can do this with the CLI using the cyberx_host user to SSH into the sensor and run tcpreplay to replay a previously uploaded PCAP file into the monitoring interface.
BTW, how did you get the Sensor installed on an Azure VM?

There isn't an API endpoint to play PCAPs as far as I know.
Here's the API doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/references-work-with-defender-...
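
The tcpreplay approach from the second reply, scripted with pre-flight checks on each uploaded file (regular file, pcap/pcapng magic number, within the 2 GB limit from the first reply). This is an added example, not part of the thread and not Microsoft tooling; `PCAP_DIR`, `MONITOR_IF`, their default values and the function names are assumptions to adjust for your sensor.

```bash
#!/usr/bin/env bash
# Added example: validate uploaded capture files, then replay them with tcpreplay.
# Assumed (not from the thread): PCAP_DIR, MONITOR_IF, their defaults, function names.
PCAP_DIR="${PCAP_DIR:-/tmp/pcaps}"        # placeholder upload directory
MONITOR_IF="${MONITOR_IF:-eth1}"          # placeholder monitoring interface
MAX_BYTES="${MAX_BYTES:-2000000000}"      # the thread's 2 GB limit, read as 2*10^9 bytes

# Succeed if the first four bytes are a pcap or pcapng magic number.
is_capture_file() {
    local magic
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;    # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) return 0 ;;    # nanosecond-resolution pcap
        0a0d0d0a)          return 0 ;;    # pcapng section header block
        *)                 return 1 ;;
    esac
}

# Succeed only for a non-empty regular file (no symlink) within the size limit.
check_pcap() {
    local f="$1" size
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    size=$(($(wc -c < "$f")))
    [ "$size" -gt 0 ] && [ "$size" -le "$MAX_BYTES" ] || return 1
    is_capture_file "$f"
}

# Replay each valid file in PCAP_DIR; return non-zero if any was skipped or failed.
replay_all() {
    local f rc=0
    for f in "$PCAP_DIR"/*; do
        if check_pcap "$f"; then
            tcpreplay --intf1="$MONITOR_IF" "$f" || rc=1
        else
            echo "skipped (not a capture, empty, or over limit): $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Replay only when asked to, e.g. ./replay.sh --run in an SSH session on the sensor.
if [ "${1:-}" = "--run" ]; then
    replay_all
fi
```

A non-zero exit status means at least one file was skipped or failed to replay, so a scheduler or pipeline calling the script can flag the run for review.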