Microsoft Defender for IoT - supported IoT, OT, ICS, and SCADA protocols

Je li ova stranica od pomoći?

Imate dodatne povratne informacije?

Povratne informacije će biti poslane kompaniji Microsoft: pritiskom na dugme za slanje, vaše povratne informacije će se koristiti za unapređivanje proizvoda i usluga kompanije Microsoft. Pravila privatnosti.

This article lists the protocols that are supported by default in Microsoft Defender for IoT. If your organization uses proprietary protocols or other protocols not listed here, use the Defender for IoT Horizon SDK to extend support as needed.

Supported protocols for asset discovery

Defender for IoT can detect the following protocols when identifying assets and devices in your network:

Brand / Vendor	Protocols
ABB	ABB 800xA DCS (IEC61850 MMS including ABB extension)
ASHRAE	BACnet BACnet BACapp BACnet BVLC
Beckhoff	AMS (ADS) Twincat
Cisco	CAPWAP Control CAPWAP Data CDP LWAPP
DNP. org	DNP3
Emerson	DeltaV Emerson OpenBSI/BSAP Ovation DCS ADMD Ovation DCS DPUSTAT Ovation DCS SSRPC
Emerson Fischer	ROC
Eurocontrol	ASTERIX
GE	Bentley Nevada (System 1 / BN3500) EGD GSM (GE MarkVI and MarkVIe) SRTP (GE)
Generic Applications	Active Directory RDP Teamviewer VNC
Honeywell	ENAP Experion DCS CDA Experion DCS FDA
IEC	IEC 60870-5-7 (IEC 62351-3 + IEC 62351-5) IEC 60870-5-101 (encapsulated serial) IEC 60870-5-103 (encapsulated serial) IEC 60870-5-104 IEC 60870-5-104 ASDU_APCI Codesys V3 IEC 60870 ICCP TASE.2 IEC 61850 GOOSE IEC61850 MMS IEC 61850 SMV (SAMPLED-VALUES) LonTalk (LonWorks)
IEEE	LLC STP VLAN
IETF	ARP DHCP DCE RPC DNS FTP (FTP_ADAT FTP_DATA) GSSAPI (RFC2743) HTTP ICMP IPv4 IPv6 LLDP MDNS NBNS NTLM (NTLMSSP Auth Protocol) RPC SMB / Browse / NBDGM SMB / CIFS SNMP SPNEGO (RFC4178) SSH Syslog TCP Telnet TFTP TPKT UDP
ISO	CLNP (ISO 8473) COTP (ISO 8073) ISO Industrial Protocol MQTT (IEC 20922)
Medical	ASTM HL7
Microsoft	Horizon community dissectors Horizon proprietary dissectors (developed by customers)
Mitsubishi	Melsoft / Melsec (Mitsubishi Electric)
Omron	FINS
Oracle	TDS TNS
Rockwell Automation	ENIP EtherNet/IP CIP (including Rockwell extension) EtherNet/IP CIP FW version 27 and above
Schneider Electric	Modbus/TCP Modbus TCP–Schneider Unity Extensions OASYS (Schneider Electric Telvant)
Schneider Electric / Invensys	Foxboro Evo Foxboro I/A Trident TriGP TriStation
Schneider Electric / Modicon	Modbus RTU
Schneider Electric / Wonderware	Wonderware Suitelink
Siemens	CAMP PCS7 PCS7 WinCC – Historian Profinet DCP Profinet Realtime Siemens PHD Siemens S7 Siemens S7-Plus Siemens SICAM Siemens WinCC
Toshiba	Toshiba Computer Link
Yokogawa	Centum ODEQ (Centum / ProSafe DCS) HIS Equalize Vnet/IP

Supported protocols for active monitoring

Defender for IoT can detect the following protocols using active monitoring, such as ping sweeps and queries:

Brand / Vendor	Protocols
IETF	Ping Sweep SNMP Network Layout Query SNMP Query
Microsoft	Windows WMI Query (req. WMI/WinRM): hardware, BIOS, version, software, patches
Rockwell Automation	ENIP Query ENIP Scan EtherNet/IP CIP (CIP Query)
Siemens	Siemens S7

Don't see your protocol here?

Build support for proprietary protocols with the Horizon SDK

Asset vendors, partners, or platform owners can use Defender for IoT's Horizon Protocol SDK to secure any protocol used in IoT and ICS environments that's not isn't already supported by default.

Horizon helps you to write plugins that enable Deep Packet Inspection (DPI) on the traffic and detect threats in realtime. Customize your plugins localize and customize text for alerts, events, and protocol parameters.

Horizon provides:

• Support for common, proprietary, or custom protocols that deviate from standards
• Extra flexibility and scope for DPI development
• Extra visibility and control over your OT assets without needing to update your Defender for IoT version
• The security of allowing proprietary development without divulging sensitive information

Collaborate with the Horizon community

Join our community to help lead the way towards digital transformation and industry-wide collaboration for protocol support!

The Horizon ICS community shares knowledge between domain experts in critical infrastructures, building management, production lines, transportation systems, and leading industries. For example, our community shares tutorials, discussion forums, instructor-led training, educational white papers, and more.

To join the Horizon community, email us at: horizon-community@microsoft.com

Next steps

For more information:

• Customize alert rules
• About forwarded alert information