Редагувати

Поділитися через


Set up SNMP MIB health monitoring on an OT sensor

This article describes how to configure your OT sensors for health monitoring via an authorized SNMP monitoring server. SNMP queries are polled up to 50 times a second, using UDP over port 161.

Setup for SNMP monitoring includes configuring settings on your OT sensor and on your SNMP server. To define Defender for IoT sensors on your SNMP server, either define your settings manually or use a predefined SNMP MIB file downloaded from the Azure portal.

Prerequisites

Before you perform the procedures in this article, make sure that you have the following:

  • An SNMP monitoring server, using SNMP versions 2 or 3. If you're using SNMP version 3 and want to use AES and 3-DES encryption, you must also have:

    • A network management station (NMS) that supports SNMP version 3
    • An understanding of SNMP terminology, and the SNMP architecture in your organization
    • The UDP port 161 open in your firewall

    Have the following details of your SNMP server ready:

    • IP address
    • Username and password
    • Authentication type: MD5 or SHA
    • Encryption type: DES or AES
    • Secret key
    • SNMP v2 community string
  • An OT sensor installed and activated, with access as an Admin user. For more information, see On-premises users and roles for OT monitoring with Defender for IoT.

To download a predefined SNMP MIB file from the Azure portal, you need access to the Azure portal as a Security admin, Contributor, or Owner user. For more information, see Azure user roles and permissions for Defender for IoT.

Configure SNMP monitoring settings on your OT sensor

  1. Sign into your OT sensor and select System settings > Sensor management > Health and troubleshooting > SNMP MIB monitoring.

  2. In the SNMP MIB monitoring configuration pane, select + Add host and enter the following details:

    • Host 1: Enter the IP address of your SNMP monitoring server. Select + Add host again if you have multiple servers, as many times as needed.

    • SNMP V2: Select if you're using SNMP version 2, and then enter your SNMP V2 community string. A community string can have up to 32 alphanumeric characters, and no spaces.

    • SNMP V3: Select if you're using SNMP version 3, and then enter the following details:

      Name Description
      Username and Password Enter the SNMP v3 credentials used to access the SNMP server. Both usernames and passwords must be configured on both the OT sensor and the SNMP server.

      Usernames can include up to 32 alphanumeric characters, and no spaces.

      Passwords are case-sensitive, and can include 8-12 alphanumeric characters.
      Auth Type Select the authentication type used to access the SNMP server: MD5 or SHA
      Encryption Select the encryption used when communicating with the SNMP server:
      - DES (56-bit key size): RFC3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3).
      - AES (AES 128 bits supported): RFC3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model.
      Secret Key Enter a secret key used when communicating with the SNMP server. The secret key must have exactly eight alphanumeric characters.
  3. Select Save to save your changes.

Download Defender for IoT's SNMP MIB file

Defender for IoT in the Azure portal provides a downloadable MIB file for you to load into your SNMP monitoring system to predefine Defender for IoT sensors.

To download the SNMP MIB file from Defender for IoT on the Azure portal, select Sites and sensors > More actions > Download SNMP MIB file.

OT sensor OIDs for manual SNMP configurations

If you're configuring Defender for IoT sensors on your SNMP monitoring system manually, use the following table for reference regarding sensor object identifier values (OIDs):

Management console and sensor OID Format Description
sysDescr 1.3.6.1.2.1.1.1 DISPLAYSTRING Returns Microsoft Defender for IoT
Platform 1.3.6.1.2.1.1.1.0 STRING Sensor or on-premises management console
sysObjectID 1.3.6.1.2.1.1.2 DISPLAYSTRING Returns the private MIB allocation, for example 1.3.6.1.4.1.53313.1.1 is the private OID root for 1.3.6.1.4.1.53313
sysUpTime 1.3.6.1.2.1.1.3 DISPLAYSTRING Returns the sensor uptime in hundredths of a second
sysContact 1.3.6.1.2.1.1.4 DISPLAYSTRING Returns the textual name of the admin user for this sensor
Vendor 1.3.6.1.2.1.1.4.0 STRING Microsoft Support (support.microsoft.com)
sysName 1.3.6.1.2.1.1.5 DISPLAYSTRING Returns the appliance name
Appliance name 1.3.6.1.2.1.1.5.0 STRING Appliance name for the on-premises management console
sysLocation 1.3.6.1.2.1.1.6 DISPLAYSTRING Returns the default location Portal.azure.com
sysServices 1.3.6.1.2.1.1.7 INTEGER Returns a value indicating the service this entity offers, for example, 7 signifies “applications”
ifIndex 1.3.6.1.2.1.2.2.1.1 GAUGE32 Returns the sequential ID numbers for each network card
ifDescription 1.3.6.1.2.1.2.2.1.2 DISPLAYSTRING Returns a string of the hardware description for each network interface card
ifType 1.3.6.1.2.1.2.2.1.3 INTEGER Returns the type of network adapter, for example 1.3.6.1.2.1.2.2.1.3.117 signifies Gigabit Ethernet
ifMtu 1.3.6.1.2.1.2.2.1.4 GAUGE32 Returns the MTU value for this network adapter. Note monitoring interfaces don't show an MTU value
ifspeed 1.3.6.1.2.1.2.2.1.5 GAUGE32 Returns the interface speed for this network adapter
Serial number 1.3.6.1.4.1.53313.1 STRING String that the license uses
Software version 1.3.6.1.4.1.53313.2 STRING Xsense full-version string and management full-version string
CPU usage 1.3.6.1.4.1.53313.3.1 GAUGE32 Indication for zero to 100
CPU temperature 1.3.6.1.4.1.53313.3.2 STRING Celsius indication for zero to 100 based on Linux input.

Any machine that has no actual physical temperature sensor (for example VMs) returns "No sensors found"
Memory usage 1.3.6.1.4.1.53313.3.3 GAUGE32 Indication for zero to 100
Disk Usage 1.3.6.1.4.1.53313.3.4 GAUGE32 Indication for zero to 100
Service Status 1.3.6.1.4.1.53313.5 STRING Online or offline if one of the four crucial components has failed
Locally/cloud connected 1.3.6.1.4.1.53313.6 STRING Activation mode of this appliance: Cloud Connected / Locally Connected
License status 1.3.6.1.4.1.53313.7 STRING Activation period of this appliance: Active / Expiration Date / Expired

Note that:

  • Nonexisting keys respond with null, HTTP 200.
  • Hardware-related MIBs (CPU usage, CPU temperature, memory usage, disk usage) should be tested on all architectures and physical sensors. CPU temperature on virtual machines is expected to be non applicable.

Next steps

For more information, see Maintain OT network sensors from the GUI.