Microsoft Tech Community

Webinar: Sentinel IT/OT Threat Monitoring

Microsoft
Join us on Thursday 28.7 for a webinar on Sentinel IT/OT Threat Monitoring with Defender for IoT solution.
Learn how Defender for IoT's built-in integration with Sentinel helps bridge the gap between IT and OT security.
 
There has been a long-standing split between ICS/SCADA (OT) and Corporate (IT) cybersecurity. This split was often driven by significant differences in technology/tooling. Microsoft Defender for IoT's integration with Microsoft Sentinel drives convergence by providing a single pane for coverage of both D4IOT (OT) and Microsoft Sentinel (IT) alerting. This solution includes Workbooks and Analytics rules providing guidance for OT detection and analysis.
8 Replies

@amitcohen Is the webinar also about the way D4IOT alert and device information is made available to Sentinel when using the on-premises management console? As far as I can see, the current documentation always assumes that a cloud-connected sensor is used.

@mwittersict Defender for IoT integration with Sentinel can be done in two ways: either using cloud-connected sensors or non-cloud-connected sensors.

In the webinar, we will focus on the new integration that requires a cloud-connected sensor as a prerequisite, since most of the advanced features of a unified OT/IT SOC are available for that kind of integration.

Hello, has this webinar been recorded by any chance?

Hi @CindySvB2022,

Yes. You can find the recording here:
https://www.youtube.com/watch?v=nbCg8jlR1Gk

Thanks!

How come the vendor's actions created multiple incidents? I thought that Sentinel would be correlating all of the alerts into one incident. @amitcohen

Hi @Dean Gross,

It is possible to define in Sentinel whether you want to create a separate incident for each Defender for IoT alert or whether you want to group a few alerts into the same incident.
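The setting described in this reply lives in the analytics rule's incident configuration. The ARM resource fragment below is an added example written for this thread, not code from the webinar, the Defender for IoT solution, or any of the posters. It assumes a Scheduled rule that reads Defender for IoT alerts from the `SecurityAlert` table (the `ProductName` filter value and the `apiVersion` are assumptions; check them against your workspace's data and the current Microsoft.SecurityInsights API reference). With `groupingConfiguration.enabled` set to `false` every alert the rule fires becomes its own incident, which is the behaviour the next reply asks about; the version shown instead groups alerts that share a Host or IP entity within the lookback window into one incident.

```json
{
  "type": "Microsoft.SecurityInsights/alertRules",
  "apiVersion": "2022-11-01",
  "name": "d4iot-grouped-incidents-example",
  "kind": "Scheduled",
  "properties": {
    "displayName": "Defender for IoT alerts grouped per device (example)",
    "enabled": true,
    "severity": "Medium",
    "query": "SecurityAlert | where ProductName == \"Azure Security Center for IoT\"",
    "queryFrequency": "PT5M",
    "queryPeriod": "PT5M",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "suppressionEnabled": false,
    "suppressionDuration": "PT1H",
    "entityMappings": [
      {
        "entityType": "Host",
        "fieldMappings": [ { "identifier": "HostName", "columnName": "CompromisedEntity" } ]
      }
    ],
    "eventGroupingSettings": {
      "aggregationKind": "AlertPerResult"
    },
    "incidentConfiguration": {
      "createIncident": true,
      "groupingConfiguration": {
        "enabled": true,
        "reopenClosedIncident": false,
        "lookbackDuration": "PT5H",
        "matchingMethod": "Selected",
        "groupByEntities": [ "Host", "IP" ],
        "groupByAlertDetails": [],
        "groupByCustomDetails": []
      }
    }
  }
}
```

Setting `matchingMethod` to `AllEntities` is stricter (alerts must share every mapped entity), `AnyAlert` is the loosest (every alert from the rule joins the open incident), and `Selected` with `groupByEntities` is the middle ground that usually matches how an OT analyst thinks about one affected device. Whichever method is chosen, grouping only applies to alerts raised by this rule within `lookbackDuration`, so alerts arriving from a separate rule or after the window still open a new incident.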

@amitcohen I understand that option exists, I just don't understand why it would be necessary. All of the alerts shown in the demo are obviously part of the same incident, so how come they were not correlated automatically? This is supposed to be one of the key benefits of Sentinel.