Defender for IoT CLI users and access
This article provides an introduction to the Microsoft Defender for IoT command line interface (CLI). The CLI is a text-based user interface that allows you to access your OT and Enterprise IoT sensors, and the on-premises management console, for advanced configuration, troubleshooting, and support.
To access the Defender for IoT CLI, you'll need access to the sensor or on-premises management console.
- For OT sensors or the on-premises management console, you'll need to sign in as a privileged user.
- For Enterprise IoT sensors, you can sign in as any user.
Caution
Only documented configuration parameters on the OT network sensor and on-premises management console are supported for customer configuration. Do not change any non-documented configuration parameters, as changes may cause unexpected behavior and system failures.
Privileged user access for OT monitoring
Privileged users for OT monitoring are pre-defined together with the OT monitoring software installation, as part of the hardened operating system.
- On the OT sensor, users include the cyberx, support, and cyberx_host users.
- On the on-premises management console, users include the cyberx and support users.
The following table describes the access available to each privileged user:
Name | Connects to | Permissions |
---|---|---|
support | The OT sensor or on-premises management console's configuration shell | A powerful administrative account with access to: all CLI commands; the ability to manage log files; start and stop services. This user has no filesystem access. |
cyberx | The OT sensor or on-premises management console's terminal (root) | Serves as a root user and has unlimited privileges on the appliance. Used only for the following tasks: changing default passwords; troubleshooting; filesystem access. |
cyberx_host | The OT sensor's host OS terminal (root) | Serves as a root user and has unlimited privileges on the appliance host OS. Used for: network configuration; application container control; filesystem access. |
Note
We recommend that customers using the Defender for IoT CLI use the support user whenever possible. Other CLI users cannot be added.
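The following is an added example, not part of the original article or of Defender for IoT itself: a Python check that reviews SSH sign-in records from an OT sensor and flags use of the root-equivalent accounts, in line with the recommendation to use the support user. It assumes the records are standard OpenSSH syslog lines collected from the appliance; the sample log, host name, IP addresses, and the `review_signins` function are constructed for illustration.

```python
import re
from collections import Counter

# Account tiers taken from the privileged-user table above.
ROOT_EQUIVALENT = {"cyberx", "cyberx_host"}  # root on the appliance / host OS
PREFERRED = {"support"}                      # recommended day-to-day account

# Assumption: standard OpenSSH "Accepted"/"Failed" syslog lines.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample input (not taken from a real sensor).
SAMPLE_LOG = """\
Mar  4 09:12:01 sensor01 sshd[2211]: Accepted password for support from 10.10.5.20 port 50122 ssh2
Mar  4 09:40:17 sensor01 sshd[2304]: Accepted password for cyberx from 10.10.5.20 port 50311 ssh2
Mar  4 10:02:44 sensor01 sshd[2410]: Failed password for cyberx_host from 10.10.9.77 port 41822 ssh2
Mar  4 10:02:49 sensor01 sshd[2410]: Failed password for cyberx_host from 10.10.9.77 port 41822 ssh2
Mar  4 10:03:02 sensor01 sshd[2412]: Accepted password for cyberx_host from 10.10.9.77 port 41830 ssh2
Mar  4 11:15:30 sensor01 sshd[2533]: Failed password for invalid user admin from 10.10.9.77 port 41901 ssh2
"""

def review_signins(log_text, approved_root_sources=frozenset()):
    """Return (finding, user, source_ip) tuples for sign-ins worth reviewing."""
    findings = []
    failures = Counter()  # failed attempts seen so far per (user, source)
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue
        user, src = m["user"], m["src"]
        if m["result"] == "Failed":
            failures[(user, src)] += 1
            # CLI users cannot be added on OT appliances, so any other
            # account name is an attempt against a user that cannot exist.
            if user not in ROOT_EQUIVALENT | PREFERRED:
                findings.append(("unknown-user", user, src))
            continue
        if user in ROOT_EQUIVALENT:
            # Root-equivalent sign-ins should come only from approved hosts.
            if src not in approved_root_sources:
                findings.append(("root-signin-unapproved-source", user, src))
            # A success preceded by failures from the same host is suspicious.
            if failures[(user, src)]:
                findings.append(("root-signin-after-failures", user, src))
    return findings
```

Pass the management workstations that are allowed to use cyberx and cyberx_host as `approved_root_sources`; sign-ins as support are never flagged.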
Supported users by CLI actions
The following tables list the activities available by CLI and the privileged users supported for each activity.
Appliance maintenance commands
Service area | Users | Actions |
---|---|---|
Sensor health | support, cyberx | Check OT monitoring services health |
Restart and shutdown | support, cyberx, cyberx_host | Restart an appliance; Shut down an appliance |
Software versions | support, cyberx | Show installed software version; Update software version |
Date and time | support, cyberx, cyberx_host | Show current system date/time |
NTP | support, cyberx | Turn on NTP time sync; Turn off NTP time sync |
Backup and restore commands
Service area | Users | Actions |
---|---|---|
Backup files | support, cyberx | List current backup files; Start an immediate, unscheduled backup |
Restore | support, cyberx | Restore data from the most recent backup |
Backup disk space | cyberx | Display backup disk space allocation |
TLS/SSL certificate commands
Service area | Users | Actions |
---|---|---|
Certificate management | cyberx | Import TLS/SSL certificates to your OT sensor; Restore the default self-signed certificate |
Local user management commands
Service area | Users | Actions |
---|---|---|
Password management | cyberx, cyberx_host | Change local user passwords |
Sign-in configuration | support, cyberx, cyberx_host | Control user session timeouts |
Sign-in configuration | cyberx | Define maximum number of failed sign-ins |
Network configuration commands
Service area | Users | Actions |
---|---|---|
Network setting configuration | cyberx_host | Change networking configuration or reassign network interface roles |
Network setting configuration | support | Validate and show network interface configuration |
Network connectivity | support, cyberx | Check network connectivity from the OT sensor |
Network connectivity | cyberx | Check network interface current load; Check internet connection |
Network bandwidth limit | cyberx | Set bandwidth limit for the management network interface |
Physical interfaces management | support | Locate a physical port by blinking interface lights |
Physical interfaces management | support, cyberx | List connected physical interfaces |
Traffic capture filter commands
Service area | Users | Actions |
---|---|---|
Capture filter management | support, cyberx | Create a basic filter for all components; Create an advanced filter for specific components; List current capture filters for specific components; Reset all capture filters |
Alert commands
Service area | Users | Actions |
---|---|---|
Alert functionality testing | cyberx | Trigger a test alert |
Alert exclusion rules | support, cyberx | Show current alert exclusion rules; Create a new alert exclusion rule; Modify an alert exclusion rule; Delete an alert exclusion rule |
Defender for IoT CLI access
To access the Defender for IoT CLI, sign in to your OT or Enterprise IoT sensor or your on-premises management console using a terminal emulator and SSH.
- On a Windows system, use PuTTY or another similar application.
- On a Mac system, use Terminal.
- On a virtual appliance, access the CLI via SSH, the vSphere client, or Hyper-V Manager. Connect to the virtual appliance's management interface IP address via port 22.
Each CLI command on an OT network sensor or on-premises management console is supported by a different set of privileged users, as noted in the relevant CLI descriptions. Make sure you sign in as the user required for the command you want to run. For more information, see Privileged user access for OT monitoring.
Sign out of the CLI
Make sure to properly sign out of the CLI when you're done using it. You're automatically signed out after an inactive period of 300 seconds.
To sign out manually on an OT sensor or on-premises management console, run one of the following commands:
User | Command |
---|---|
support | logout |
cyberx | cyberx-xsense-logout |
cyberx_host | logout |
Next steps
You can also control and monitor your cloud-connected sensors from the Defender for IoT Sites and sensors page. For more information, see Manage sensors with Defender for IoT in the Azure portal.