
Microsoft Sentinel has a dedicated Data Connector for collecting the alerts coming from Microsoft Defender for IoT. This data ingestion is free of charge.

[Image: Microsoft Defender for IoT data connector]
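To check that the connector is actually delivering data, the following KQL query, added here as an example and not taken from the original post, counts the Defender for IoT alerts in the Sentinel workspace by severity and alert name. It assumes the alerts land in the SecurityAlert table with the ProductName value used in the connector's own sample query ("Azure Security Center for IoT", the product's former name); confirm the value in your workspace before building rules on it.

```kql
// Defender for IoT alerts delivered by the Sentinel data connector.
// Assumption: ProductName matches the value used in the connector's sample query.
// Confirm with:  SecurityAlert | distinct ProductName, ProviderName
SecurityAlert
| where TimeGenerated > ago(7d)
| where ProductName == "Azure Security Center for IoT"
| summarize AlertCount = count(), LastSeen = max(TimeGenerated) by AlertSeverity, AlertName
| order by AlertCount desc
```

An empty result over a week on a connected sensor usually means the connector is not wired to this workspace or the filter value differs; run the `distinct` query in the comment first rather than assuming the product name.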

A dedicated solution, available in Sentinel's Content Hub, deploys Analytics Rules, Playbooks and a Workbook specialized for IoT/OT-related security.

[Image: Microsoft Defender for IoT solution in the Content Hub]

More on that in Microsoft Security's video "Better Together: Microsoft Sentinel - IT/OT Threat Monitoring with Defender for IoT Solution".

In the past few weeks I had the chance to collaborate with my great colleague Hesham Saad (Abdelaal), Sr. Global Cybersecurity Technical Specialist at Microsoft, in demonstrating how Microsoft Sentinel can also collect the "raw data" produced by Microsoft Defender for IoT sensors, and how Sentinel workbooks can leverage this raw data to give detailed information about the status and the history of the IoT/OT equipment monitored by the sensors. This raw data collection opens new scenarios for "IoT-enabled SOCs".

Hesham and I present our experience in this new video, published on the Microsoft Defender for IoT Ninja training page and on the Microsoft Security Community channel on YouTube:

[Video: Microsoft Defender for IoT raw data in Microsoft Sentinel]

Hope you’ll find it interesting and useful!