Forum Discussion
AshleyMartin
May 25, 2022
Iron Contributor
New Blog Post | What are DEV-#### indicator designations for detections?
I had this question come up today, but I’ve been asked a few times before recently, so I believe it’s prudent to supply an explanation and guidance on what to do with these.
Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or developing cluster of threat activity, allowing MSTIC to track it as a unique set of information until we reach a high confidence about the origin or identity of the actor behind the activity. Once it meets the criteria, a DEV is converted to a named actor.
Here’s an example of one in Microsoft Sentinel…
Original Post: New Blog Post | What are DEV-#### indicator designations for detections? - Microsoft Tech Community
1 Reply
- danielmasters (Brass Contributor): Thanks for sharing!