How to analyze custom protocols in Defender for IoT
Hello,
I am running a PoC with Defender for IoT in our environment. The sensor successfully 'sees' traffic happening in the environment. The issue I have, however, is that we use a custom (TCP) protocol for most of our devices, which is (obviously) not supported by Defender for IoT. I would like to be able to write custom alert rules for this protocol as well. The option to add custom alert rules in the sensor dashboard allows me to base the rule on attributes of, for example, the TCP or Ethernet packet, such as src/dst IP address and port. However, I would like to be able to add some conditions for specific operations within our protocol. Is it somehow possible to write a custom parser for our protocol, or to write custom alert rules for the data in TCP packets?
Advice/help would be greatly appreciated!