Validate an OT sensor software installation

This article is one in a series of articles describing the deployment path for OT monitoring with Microsoft Defender for IoT.

Diagram of a progress bar with Deploy your sensors highlighted.

After you've installed OT software on your OT sensors, test your system to make sure that processes are running correctly. The same validation process applies to all appliance types.

System health validations are supported via UI or CLI and are available for the default, privileged admin user.

If you're using pre-configured appliances, continue directly with activating and setting up your OT network sensor instead.


The procedures in this article assume that you've just installed Defender for IoT software on an OT network sensor.

For more information, see Install OT monitoring software on OT sensors.

This step is performed by your deployment teams.

General tests

After installing OT monitoring software, make sure to run the following tests:

  • Sanity test: Verify that the system is running.

  • Version: Verify that the version is correct.

  • ifconfig: Verify that all the input interfaces configured during the installation process are running.

Gateway checks

Use the route command to show the gateway's IP address. For example:

<root@xsense:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 eth0     U     0      0        0 eth0

Use the arp -a command to verify that there's a binding between the MAC address and the IP address of the default gateway. For example:

<root@xsense:/# arp -a ( at 02:42:b0:3a:e8:b5 [ether] on eth0
mariadb_22.2.6.27-r-c64cbca.iot_network_22.2.6.27-r-c64cbca ( at 02:42:ac:12:00:05 [ether] on eth0
redis_22.2.6.27-r-c64cbca.iot_network_22.2.6.27-r-c64cbca ( at 02:42:ac:12:00:03 [ether] on eth0

DNS checks

Use the cat /etc/resolv.conf command to find the IP address that's configured for DNS traffic. For example:

<root@xsense:/# cat /etc/resolv.conf
options ndots:0

Use the host command to resolve an FQDN. For example:

<root@xsense:/# host is an alias for is an alias for is an alias for has address has IPv6 address 2a02:26f0:5700:1b4::1aca has IPv6 address 2a02:26f0:5700:182::1aca

Firewall checks

Use the wget command to verify that port 443 is open for communication. For example:

<root@xsense:/# wget
--2022-11-09 11:21:15--
Resolving (, 2a02:26f0:5700:1b4::1aca, 2a02:26f0:5700:182::1aca
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 99966 (98K) [text/html]
Saving to: 'index.html.1'

index.html.1        100%[===================>]  97.62K  --.-KB/s    in 0.02s

2022-11-09 11:21:15 (5.88 MB/s) - 'index.html.1' saved [99966/99966]


For more information, see Check system health in our sensor troubleshooting article.

Next steps

For more information, see Troubleshoot the sensor and Troubleshoot the on-premises management console.