Nozomi Networks Threat Intelligence is an add-on enhancement for Guardian sensors that provides continuous updates with vulnerability data and threat indicators specific to operational technology and IoT environments. The service delivers information on known and zero-day vulnerabilities affecting industrial processes and devices. The product includes threat indicators such as Yara rules, packet rules, STIX indicators, threat knowledgebase entries, and vulnerability signatures. It incorporates anomaly and threat detection algorithms designed to identify malicious activity in OT and IoT networks. The system groups alerts by incidents to provide consolidated views of network events. Threat intelligence data is sourced from Nozomi Networks Labs research team. An optional TI Expansion Pack integrates indicators of compromise from Mandiant to expand the threat intelligence coverage. The service can function as a standalone threat feed compatible with third-party security solutions that support STIX and TAXII formats. This allows organizations to ingest the threat data into firewalls, orchestration platforms, and other security tools outside the Nozomi Networks Guardian and Vantage platforms.