MicrosoftDocs
diff --git a/‎articles/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages.md
Lines changed: 24 additions & 18 deletions b/‎articles/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages.md
Lines changed: 24 additions & 18 deletions
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/download-screen.png
71.7 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/download-screen.png
71.7 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/save-changes-management-console.png
134 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/save-changes-management-console.png
134 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-multiple-sensors.png
134 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-multiple-sensors.png
134 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-single-sensor.png
115 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-single-sensor.png
115 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/upload-threat-intelligence-to-management-console.png
126 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-threat-intelligence-packages/upload-threat-intelligence-to-management-console.png
126 KB
@@ -1,10 +1,11 @@
 ---
 title: Update threat intelligence data
 description: The threat intelligence data package is provided with each new Defender for IoT version, or if needed between releases.
-ms.date: 06/02/2022
+ms.date: 11/16/2022
 ms.topic: how-to
 ---
 # Threat intelligence research and packages
+
 ## Overview
 
 Security teams at Microsoft carry out proprietary ICS threat intelligence and vulnerability research. These teams include MSTIC (Microsoft Threat Intelligence Center), DART (Microsoft Detection and Response Team), DCU (Digital Crimes Unit), and Section 52 (IoT/OT/ICS domain experts that track ICS-specific zero-days, reverse-engineering malware, campaigns, and adversaries)
@@ -66,42 +67,47 @@ You can change the sensor threat intelligence update mode after initial onboardi
 
 Packages can be downloaded the Azure portal and manually uploaded to individual sensors. If the on-premises management console manages your sensors, you can download threat intelligence packages to the management console and push them to multiple sensors simultaneously.
 
-:::image type="content" source="media/how-to-work-with-threat-intelligence-packages/download-screen.png" alt-text="Download updates in the Azure portal.":::
+:::image type="content" source="media/how-to-work-with-threat-intelligence-packages/download-screen.png" alt-text="Screenshot of how to download updates in the Azure portal." lightbox="media/how-to-work-with-threat-intelligence-packages/download-screen.png":::
 
 This option is available for both *cloud connected* and *locally managed* sensors.
 
 [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
 
-
 **To upload to a single sensor:**
 
-1. Go to the Microsoft Defender for IoT **Updates** page.
+1. In Defender for IoT on the Azure portal, go to the **Get started** > **Updates** tab.
 
-2. Download and save the **Threat Intelligence** package.
+1. In the **Sensor threat intelligence update** box, select **Download file** to download the latest threat intelligence package.
 
-3. Sign in to the sensor console.
+1. Sign in to the sensor console, and then select **System settings** > **Threat intelligence**.
 
-4. On the side menu, select **System Settings**.
+1. In the **Threat intelligence** pane, select **Upload file**. For example:
 
-5. Select **Threat Intelligence Data**, and then select **Update**.
+    :::image type="content" source="media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-single-sensor.png" alt-text="Screenshot of where you can upload Threat Intelligence package to a single sensor." lightbox="media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-single-sensor.png":::
 
-6. Upload the new package.
+1. Browse to and select the package you'd downloaded from the Azure portal and upload it to the sensor.
 
 **To upload to multiple sensors simultaneously:**
 
-1. Go to the Microsoft Defender for IoT **Updates** page.
+1. In Defender for IoT on the Azure portal, go to the **Get started** > **Updates** tab.
+
+1. In the **Sensor threat intelligence update** box, select **Download file** to download the latest threat intelligence package.
+
+1. Sign in to the management console and select **System settings**.
+
+1. In the **Sensor Engine Configuration** area, select the sensors that you want to receive the updated packages. For example:
 
-2. Download and save the **Threat Intelligence** package.
+    :::image type="content" source="media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-multiple-sensors.png" alt-text="Screenshot of where you can select which sensors you want to make changes to." lightbox="media/how-to-work-with-threat-intelligence-packages/update-threat-intelligence-multiple-sensors.png":::
 
-3. Sign in to the management console.
+1. In the **Sensor Threat Intelligence Data** section, select the plus sign (**+**).
 
-4. On the side menu, select **System Settings**.
+1. In the **Upload File** dialog, select **BROWSE FILE...** to browse to and select the update package. For example:
 
-5. In the **Sensor Engine Configuration** section, select the sensors that should receive the updated packages.  
+    :::image type="content" source="media/how-to-work-with-threat-intelligence-packages/upload-threat-intelligence-to-management-console.png" alt-text="Screenshot of where you can upload a Threat Intelligence package to multiple sensors." lightbox="media/how-to-work-with-threat-intelligence-packages/upload-threat-intelligence-to-management-console.png":::
 
-6. In the **Select Threat Intelligence Data** section, select the plus sign (**+**).
+1. Select **CLOSE** and then **SAVE CHANGES** to push the threat intelligence update to all selected sensors.
 
-7. Upload the package.
+    :::image type="content" source="media/how-to-work-with-threat-intelligence-packages/save-changes-management-console.png" alt-text="Screenshot of where you can save changes made to selected sensors on the management console." lightbox="media/how-to-work-with-threat-intelligence-packages/save-changes-management-console.png":::
 
 ## Review package update status on the sensor
 
@@ -121,7 +127,7 @@ Review the following information about threat intelligence packages for your clo
 
 1. Review the **Threat Intelligence version** installed on each sensor. Version naming is based on the day the package was built by Defender for IoT.
 
-1. Review the **Threat Intelligence mode** . *Automatic* indicates that newly available  packages will be automatically installed on sensors as they're released by Defender for IoT. 
+1. Review the **Threat Intelligence mode** . *Automatic* indicates that newly available  packages will be automatically installed on sensors as they're released by Defender for IoT.
 
     *Manual* indicates that you can push newly available packages directly to sensors as needed.
 
@@ -132,7 +138,7 @@ Review the following information about threat intelligence packages for your clo
     - Update Available
     - Ok
 
-If cloud connected threat intelligence updates fail, review  connection  information in the **Sensor status** and **Last connected UTC** columns in the **Sites and Sensors** page. 
+If cloud connected threat intelligence updates fail, review  connection  information in the **Sensor status** and **Last connected UTC** columns in the **Sites and Sensors** page.
 
 ## Next steps