title: Configure active monitoring for OT networks - Microsoft Defender for IoT
description: Describes the available methods for configuring active monitoring on your OT network with Microsoft Defender for IoT.
ms.date: 06/02/2022
ms.topic: how-to

Configure active monitoring for OT networks

This article describes how to configure active monitoring on OT networks with Microsoft Defender for IoT, including methods for Windows Event monitoring and reverse DNS lookup.

Plan your active monitoring

Important

Active monitoring runs detection activity directly in your network and may cause some downtime. Take care when configuring active monitoring so that you only scan necessary resources.

When planning active monitoring:

  • Answer the following questions:

    • Can the devices you want to scan be discovered by the default Defender for IoT monitoring? If so, active monitoring may be unnecessary.
    • Are you able to run active queries on your network and on the devices you want to scan? To make sure, try running an active query on a staging environment.

    Use the answers to these questions to determine exactly which sites and address ranges you want to monitor.

  • Identify maintenance windows where you can schedule active monitoring intervals safely.

  • Identify active monitoring owners, which are personnel who can supervise the active monitoring activity and stop the monitoring process if needed.

  • Determine which active monitoring method to use:

Configure network access

Before you can configure active monitoring, you must also configure your network to allow the sensor's management port IP address to access the OT network where your devices reside.

For example, the following image highlights in grey the extra network access you must configure from the management interface to the OT network.

:::image type="content" source="media/configure-active-monitoring/architecture.png" alt-text="Diagram highlighting the extra management network configuration required for active monitoring.":::
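The planning steps under "Plan your active monitoring" can be enforced as a pre-flight check before any scan is scheduled. The following is an added example, not part of the original article and not Defender for IoT functionality; the names `Window` and `preflight`, the address ranges, and the dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_network

@dataclass
class Window:
    """A weekly maintenance window (hypothetical planning record)."""
    weekday: int  # 0 = Monday
    start: time
    end: time     # earlier than start means the window crosses midnight

    def contains(self, ts: datetime) -> bool:
        if self.start <= self.end:
            return ts.weekday() == self.weekday and self.start <= ts.time() < self.end
        # Crosses midnight: late part on `weekday`, early part on the next day.
        if ts.weekday() == self.weekday:
            return ts.time() >= self.start
        return ts.weekday() == (self.weekday + 1) % 7 and ts.time() < self.end

def preflight(targets, approved, windows, start, end, owner):
    """Return the reasons a planned scan must not run (empty list = OK)."""
    problems = []
    nets = [ip_network(a) for a in approved]
    for t in targets:
        net = ip_network(t, strict=False)  # accepts a single host or a CIDR
        if not any(net.version == a.version and net.subnet_of(a) for a in nets):
            problems.append(f"{t} is outside the approved address ranges")
    last = end - timedelta(seconds=1)  # the window end is exclusive
    if end <= start:
        problems.append("scan end is not after scan start")
    elif end - start >= timedelta(days=1) or not any(
            w.contains(start) and w.contains(last) for w in windows):
        problems.append("scan interval is not inside a single maintenance window")
    if not owner:
        problems.append("no active monitoring owner assigned")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: Saturday 22:00 to Sunday 02:00 window.
    approved = ["10.20.0.0/16", "192.168.50.0/24"]
    windows = [Window(5, time(22, 0), time(2, 0))]
    issues = preflight(["10.20.4.0/24", "10.21.0.5"], approved, windows,
                       datetime(2024, 6, 1, 23, 0), datetime(2024, 6, 2, 1, 30),
                       owner="ot-oncall")
    print("\n".join(issues) or "scan plan OK")
```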

Next steps

For more information, see: