New!! Defender for IoT -- Azure Sentinel Solution
New!! Azure Sentinel -- IoT lab Environment
Helps the IoT industry use Azure Sentinel effectively for monitoring, investigation, and incident response in their IoT environments.
As of today, there are not many use cases for Azure Sentinel as a SIEM for IoT environments. This is mainly because of the current limitations of the built-in IoT data connector, which doesn't sync all Defender for IoT alerts to Azure Sentinel, and because certain alerts that do get synced are missing critical metadata such as the device IP address and MAC address.
Our Azure Sentinel Solution provides an end-to-end use case of how Azure Sentinel can be used effectively in IoT environments: syncing and investigating all alerts, using the UEBA feature to detect anomalies, using playbooks to respond to IoT attacks, and gaining in-depth insight into IoT attacks using workbooks.
We are also submitting an "Azure Sentinel - IoT Lab environment" as additional content for the Hackathon. The lab helps customers deploy a controlled and isolated environment that they can use to properly (hands-on) evaluate Azure Sentinel and Defender for IoT. The lab deploys simulated IoT devices that generate network traffic. Using a Kali Linux VM, attacks are launched against these IoT devices, which Defender for IoT detects. All alerts from Defender for IoT are synced into Azure Sentinel using the solution project, letting the customer experience the usefulness of Azure Sentinel and Defender for IoT in their environment.
The lab can also be used to test new IoT attacks in a controlled manner while still being able to consume alerts and perform automated responses via Azure Sentinel, making the lab environment a critical platform for all IoT customers.
GitHub Repo Links:
Detailed Video Recordings:
Please watch the detailed walkthrough and demos of each project below.