security
9 Topics

Latest Threat Intelligence (March 2025)
Microsoft Defender for IoT has released the March 2025 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 3b0522536f51a13701f172a5d2c435d5

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release. Click here for more information.

94 Views, 0 likes, 0 Comments

Latest Threat Intelligence (August 2024)
Microsoft Defender for IoT has released the August 2024 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 1b0b3742c28c70692504dcf88d63d54c

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release. Click here for more information.

397 Views, 1 like, 0 Comments

Webinar: Sentinel IT/OT Threat Monitoring
Join us on Thursday 28.7 for a webinar on Sentinel IT/OT Threat Monitoring with Defender for IoT solution. Learn how Defender for IoT's built-in integration with Sentinel helps bridge the gap between IT and OT security.

Registration is now open for July 28.

There has been a long-standing split between ICS/SCADA (OT) and Corporate (IT) cybersecurity. This split was often driven by significant differences in technology/tooling. Microsoft Defender for IoT's integration with Microsoft Sentinel drives convergency by providing a single pane for coverage of both D4IOT (OT) and Microsoft Sentinel (IT) alerting. This solution includes Workbooks and Analytics rules providing a guide to OT detection and analysis.

3.2K Views, 0 likes, 8 Comments

Microsoft Defender for IoT new sensor release (22.2.7)
We are happy to announce a new release of Microsoft Defender for IoT sensor (version 22.2.7).

What’s new?

- Improved network devices visualization to include multiple interfaces based on network protocols.
- Improved alert timeline indications, which now include detection time and last seen time.
- A new column named “First Detection time” reflects the first time the alert was detected, to get more context if it was raised more than once.

To download sensor 22.2.7 software from Azure portal here

1.1K Views, 1 like, 0 Comments

Public Preview | IoT Entity Page in Sentinel
Enhance IoT/OT Threat Monitoring in Your SOC with Sentinel and Defender for IoT

See more in our new Blog: IoT Entity Page - Enhance IoT/OT Threat Monitoring in Your SOC With Sentinel and Defender for IoT

Defender for IoT's integration with Microsoft Sentinel now supports an IoT device entity page. When investigating incidents and monitoring IoT security in Microsoft Sentinel, you can now identify your most sensitive devices and jump directly to more details on each device entity page.

The IoT device entity page provides:

- Contextual device information about an IoT device, with basic device details and device owner contact information. Device owners are defined by site in the Sites and sensors page in Defender for IoT.
- Can help prioritize remediation based on device importance and business impact, as per each alert's site, zone, and sensor.

For more information, see Investigation enhancements with IOT device entities

1.1K Views, 0 likes, 0 Comments

Microsoft Defender for IoT - New Release (OT v22.2.4)
Microsoft is excited to announce a new software release of Microsoft Defender for IoT. To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs. Download links available at Defender for IoT Management Portal - Microsoft Azure.

What's New?

Category: Inventory and map
- Merge and Delete devices via device inventory
- Last seen value in the device details pane is replaced by Last activity
- Any user with Admin permissions will be able to delete devices via device inventory page

Category: New protocol support
- Honeywell Discovery
- Honeywell EUCN
- Schneider TSAA

Category: ServiceNow integration
- Users can now query CVEs for a specific device
- Users can correlate alerts on Splunk with devices from the CMDB

Category: Alerts
- New alert columns with timestamp data - will be available on the sensor (cloud side will be available only on the next release)
- Learning button will be displayed by default in the alerts page

About Defender for IoT

Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

1.1K Views, 2 likes, 0 Comments

New Blog Post | Stream Microsoft Defender for IoT alerts to a 3rd party SIEM
Learn how to send Microsoft Defender for IoT alerts to third-party SIEMs such as Splunk, QRadar: Stream Microsoft Defender for IoT alerts to a 3rd party SIEM

Customer engagements have taught us that sometimes customers prefer to maintain their existing SIEM, alongside Microsoft Sentinel, or as a standalone SIEM. In this blog, we’ll introduce a solution that sends Microsoft Defender for IoT alerts to an Event Hub that can be consumed by 3rd party SIEMs. You can use this solution with Splunk, QRadar, or any other SIEM that supports Event Hub ingestion.

871 Views, 0 likes, 0 Comments

Defender for IoT public webinars
These webinars will be held at 08:00-09:00 AM, PST. Sign-up at the links below!

FEB 23
Microsoft Defender for IoT | Cloud Capabilities and Security Advantages
In this session we will discuss the benefits of connecting Defender for IoT for OT/ICS environments to the cloud. Covering both security and manageability aspects and features and cross platform integrations.

MAR 24
Better Together | Microsoft Sentinel - IT/OT Threat Monitoring with Defender for IoT Solution
In this session we will discuss how Microsoft Sentinel and Microsoft Defender for IoT are driving together a convergence of OT and Corporate cybersecurity disciplines in defense of critical infrastructure. This solution provides the foundation for building a SOC geared towards IoT/OT monitoring, and is globally applicable for organizations defending both IT/OT-based networks.

APR 6
Microsoft Defender for IoT | How to Discover and Secure IoT Devices in the Enterprise Environment
In this session we will share how Microsoft Defender for IoT is leveraging multiple data sources (including an agentless solution and Microsoft Defender for Endpoints) to discover and secure IoT devices in enterprise networks. Printers, cameras, VoIP phones and other unmanaged devices are posing an increasing risk to enterprises, and the need to identify and protect them becomes a cardinal priority for security teams. We will present our integrated solution and how it complements our OT security offering.

Original Post: Defender for IoT public webinars - Microsoft Tech Community

955 Views, 1 like, 0 Comments

Invitation | Join the Microsoft Defender for IoT community to influence and earn swag!
Defender for IoT Customer - Join Defender for IoT private community!

- Access exclusive Defender for IoT content and best practices
- Be first to try our private previews and influence our features before they become GA
- Earn digital badges based on your level of contribution
- Live events

To join, please fill out the form at https://aka.ms/SecurityPrP and select “ongoing program”

NDA is required

Cool swag for the first 50 members who sign up! Make sure to fill in your shipping address in the form.

Are you already a member of our cloud security community? https://aka.ms/SecurityCommunity, Discussion group on LinkedIn

1.5K Views, 2 likes, 0 Comments