IoT Security Portal

The Devices section was renamed Assets.
The Devices, Profiles, and Categories pages are in Assets.
IP Endpoints is a tab under Assets > Devices.
The Categories page was moved from the Inventory Dashboard (classic) to Assets.
The Device Visualizations page was renamed Network Visualizations and moved to Networks.

The Sites page moved from a tab under Administration > Sites and Firewalls to a tab under Networks > Networks and Sites.
Device Visualizations was renamed Network Visualizations and moved from Assets to Networks.
Applications moved from the main navigation menu to Networks.

The System Alerts page was renamed System Events and moved to Administration.
The Suppression Rules page moved to a tab under Alerts > Security Alerts.
The Alert Rules page was renamed Custom Alerts.

The Risks section was renamed Vulnerabilities.
(Medical IoT Security) The MDS2 page moved from Administration to Vulnerabilities.

The Reports section was renamed Logs & Reports.
The Device Logs page was renamed Device Traffic Logs.
The Audit Logs page was renamed Audit Log and moved from Administration to Logs & Reports. The Files and Settings page was renamed Reports.
Vulnerability Scan Reports moved from a page under Reports to a tab under Reports > Reports.

Settings is a new section.
The Custom Attributes, Scanners, and Tag Management pages moved from Administration to Settings.
The Notification Settings page was renamed Notification Management and moved from Administration to Settings.

The System Alerts page was renamed System Events and moved from Alerts to Administration.
(Medical IoT Security) The MDS2 page moved to Vulnerabilities.
The Sites page moved to a tab under Networks > Networks and Sites.
The Audit Log page moved to Logs & Reports.

Give feedback – Leave feedback for IoT Security developers.
Help – Open the Customer Support Portal.
User name (first and last name from the user’s contact information) – When you click the name, these options appear:
Preferences – Modify your contact information, time zone, idle session timeout, alert sound (that is, control if an audible alert sounds whenever IoT Security detects new Security alerts), and SMS and email notification settings.
Resource Center – See status notifications about firewall logs, and learn about IoT Security through recommended resources and useful links
Dark Theme/Light Theme – Switch between dark and light UI display themes.
Log out – Log out of your administrative session.
App Switcher – Take a shortcut to other Palo Alto Networks applications through the hub.

entity = device, Time Range = “month”, Device Type = “All IoT”, [device] Profile = “APC(Schneider Electric) Smart PowerSupply” [vulnerability] Vulnerability = “SNMPv1 Usage”

The results of the query show that 20 IoT devices support SNMPv1 and which ones they are.

The query tool uses the logic of “AND” between expressions using the operators

=

(equals),

!=

(doesn’t equal), and

IN

(includes). For example, the following query fetches data where

Time Range = “week”

AND

Device Type = “All IoT”

AND

[vulnerability] Severity IN (“High”, “Critical”)

:

entity = device, Time Range = “week”, Device Type = “All IoT”, [vulnerability] Severity IN (“High”, “Critical”)

You can save queries so you don't have to recreate ones used repeatedly. To save a query, click the ribbon bookmark icon to the right of the Query field, and give it a name. For example, if you regularly check the number of IoT devices running a Windows OS that were actively on the network during the past week and that have no endpoint protection or outdated protection, create this query and save it with a name such as Noncompliant Windows IoT devices:

entity = device, Time Range = “week”, Device Type = “All IoT”, [device] Endpoint Protection IN (“Not protected”, “Outdated”), [device] OS = “Windows”

When you want to use the query again, just click the bookmark icon and then click the name in the list of previously saved queries and filters. You can also edit entries in this list and delete them.

You cannot save queries from any of the dashboards, such as the Executive Summary.

The query tool has numerous parameters you can use to find whatever nugget of data you want. For example, enter the following query to check which devices were in a vulnerability scan report:

Entity = device, Time Range = “1 Year”, Device Type = “All IoT”, [scanReport] Scan Report = “yes”

By looking at the Device Details page of devices in the results of the query and clicking

Vulnerability Report Ready

, you can download the report as a PDF to your system where you can keep and read it.

To help you get started using the query builder, IoT Security provides a collection of example templates for common queries. Study these preconfigured queries to learn query builder capabilities, use them as they are, or use them as models for building similar queries of your own.

To see the preconfigured example queries, click

Query

under the page title bar and then click the

Query Bookmarks

icon.

The preconfigured templates differ somewhat based on the vertical theme that’s active on your IoT Security portal. Each vertical theme has five example templates. Here’s an example for each theme:

Enterprise IoT Security Plus

Name: [Example] This Week’s Active Insecure-Login Alerts

Query: Entity=”alert”, Time Range=”1 Week”, Alert Status=”Active Alerts”, Alert Type IN (“insecure login”, “unsecure login”, “Unsecure login”)

Summary: This queries IoT Security for all active alerts related to insecure logins over the past week.

Industrial IoT Security

Name: [Example] Critical Risk Internet Connected Industrial Devices
Query: Entity="device", Time Range="1 Year", Device Type="Industrial", [device] Risk = "Critical", [device] Internet Access="yes"
Summary: This queries IoT Security to show all industrial IoT devices that had a critical risk level and Internet access within the past year.

Medical IoT Security

Name: [Example] Risky Internet Connected IoT Devices
Query: Entity="device", Time Range="1 Year", Device Type="All IoT", [device] Risk IN ("High", "Critical"), [device] Internet Access="yes"
Summary: This queries IoT Security to show all IoT devices that had a high or critical risk level and Internet access within the past year.

You can edit the expressions that constitute a query template and the template name, perhaps saving a modified query with a new name to reuse later. You can also delete the example templates.

Announcements

– Toggle open and closed a vertical panel on the right side of the UI with information about recent feature releases and important security announcements.

Manage dashboards

– When your portal theme has multiple dashboards, such as Medical IoT Security, you can control which one is the default, which ones are available in adjacent tabs for quick access, and which ones are hidden. Recognizing that users of the IoT Security portal function in different roles, IoT Security lets you set your own preferences to best suit your needs and thereby increase efficiency and productivity.

To manage the display of the various dashboards, select
Dashboards
Manage Dashboards
.
In the
Manage Dashboards
drop-down menu, select the check boxes of dashboards you want to display as a tabbed dashboard for faster access. Clear the check boxes of those you don’t want displayed as a tabbed dashboard.
The left-to-right order of tabbed dashboards displayed in the main window corresponds to the top-to-bottom order of dashboards listed in the drop-down menu with the pinned (preferred) dashboard appearing on the far left.

To set the default dashboard to display first when navigating to
Dashboards
in the left navigation panel, click the pushpin icon next to a dashboard name in the
Manage Dashboards
drop-down menu.
If you change the portal theme to a vertical that doesn’t include your pinned dashboard, the default dashboard for that vertical becomes the new pinned dashboard.
To open a new browser tab or window showing security alerts and vulnerabilities, click
View Alerts Overview
and
View Vulnerabilities Overview
.