Install OT monitoring software on OT sensors
Use the procedures in this article when installing Microsoft Defender for IoT software on OT network sensors. You might be reinstalling software on a pre-configured appliance, or you may be installing software on your own appliance.
Before installing Microsoft Defender for IoT, make sure that you have:
- Traffic mirroring configured in your network
- An OT plan in Defender for IoT on your Azure subscription
- An OT sensor onboarded to Defender for IoT in the Azure portal
Each appliance type also comes with its own set of instructions that are required before installing Defender for IoT software. Make sure that you've completed any specific procedures required for your appliance before installing Defender for IoT software.
For more information, see:
- The OT monitoring appliance catalog
- Which appliances do I need?
- OT monitoring with virtual appliances
Download software files from the Azure portal
Download the OT sensor software from Defender for IoT in the Azure portal.
Select Getting started > Sensor and select the software version you want to download.
If you're updating software from a previous version, use the options from the Sites and sensors > Sensor update menu. For more information, see Update Defender for IoT OT monitoring software.
Install Defender or IoT software on OT sensors
This procedure describes how to install OT monitoring software on a sensor.
Towards the end of this process you will be presented with the usernames and passwords for your device. Make sure to copy these down as these passwords will not be presented again.
Mount the ISO file onto your hardware appliance or VM using one of the following options:
Physical media – burn the ISO file to your external storage, and then boot from the media.
- DVDs: First burn the software to the DVD as an image
- USB drive: First make sure that you’ve created a bootable USB drive with software such as Rufus, and then save the software to the USB drive. USB drives must have USB version 3.0 or later.
Your physical media must have a minimum of 4-GB storage.
Virtual mount – use iLO for HPE appliances, or iDRAC for Dell appliances to boot the ISO file.
When the installation boots, you're first prompted to select the hardware profile you want to install.
For more information, see Which appliances do I need?.
System files are installed, the sensor reboots, and then sensor files are installed. This process can take a few minutes.
When the installation steps are complete, the Ubuntu Package configuration screen is displayed, with the
Configuring iot-sensorwizard, showing a prompt to select your monitor interfaces.
In this wizard, use the up or down arrows to navigate, and the SPACE bar to select an option. Press ENTER to advance to the next screen.
Select monitor interfacesscreen, select the interfaces you want to monitor.
Make sure that you select only interfaces that are connected. If you select interfaces that are enabled but not connected, the sensor will show a No traffic monitored health notification in the Azure portal. If you connect more traffic sources after installation and want to monitor them with Defender for IoT, you can add them via the CLI.
eno1is reserved for the management interface and we recommend that you leave this option unselected.
Select erspan monitor interfacesscreen, select any ERSPAN monitoring ports that you have. The wizard lists available interfaces, even if you don't have any ERSPAN monitoring ports in your system. If you have no ERSPAN monitoring ports, leave all options unselected.
Select management interfacescreen, we recommend keeping the default
eno1value selected as the management interface.
Enter sensor IP addressscreen, enter the IP address for the sensor appliance you're installing.
Enter path to the mounted backups folderscreen, enter the path to the sensor's mounted backups. We recommend using the default path of
/opt/sensor/persist/backups. For example:
Enter Subnet Maskscreen, enter the IP address for the sensor's subnet mask. For example:
Enter Gatewayscreen, enter the sensor's default gateway IP address. For example:
Enter DNS serverscreen, enter the sensor's DNS server IP address. For example:
Enter hostnamescreen, enter the sensor hostname. For example:
Run this sensor as a proxy server (Preview)screen, select
<Yes>only if you want to configure a proxy, and then enter the proxy credentials as prompted.
The default configuration is without a proxy.
For more information, see Connect Microsoft Defender for IoT sensors without direct internet access by using a proxy (version 10.x).
The installation process starts running and then shows the credentials screen. For example:
Save the usernames and passwords listed, as the passwords are unique and this is the only time that the credentials are shown. Copy the credentials to a safe place so that you can use them when signing into the sensor for the first time.
For more information, see Default privileged on-premises users.
<Ok>when you're ready to continue.
The installation continues running again, and then reboots when the installation is complete. Upon reboot, you're prompted to enter credentials to sign in. For example:
Enter the credentials for one of the users that you'd copied down in the previous step.
- If the
iot-sensor login:prompt disappears, press ENTER to have it shown again.
- When you enter your password, the password characters don't display on the screen. Make sure you enter them carefully.
When you've successfully signed in, the following confirmation screen appears:
- If the
Make sure that your sensor is connected to your network, and then you can sign in to your sensor via a network-connected browser. For more information, see Activate and set up your sensor.
Only documented configuration parameters on the OT network sensor and on-premises management console are supported for customer configuration. Do not change any non-documented configuration parameters, as changes may cause unexpected behavior and system failures.
Submit and view feedback for