From 00694388a22e5b3b625a71133292f566f8ef9f35 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 3 Apr 2018 10:35:58 -0700 Subject: [PATCH] update icons --- ...ows-defender-advanced-threat-protection.md | 2 +- ...ows-defender-advanced-threat-protection.md | 2 +- ...ows-defender-advanced-threat-protection.md | 22 +++++++++--------- .../windows-defender-atp/images/Pending.png | Bin 1961 -> 770 bytes .../images/Remediated.png | Bin 2503 -> 1053 bytes .../windows-defender-atp/images/Running.png | Bin 2220 -> 1176 bytes .../images/no-threats-found.png | Bin 0 -> 1098 bytes .../images/partially-investigated.png | Bin 0 -> 908 bytes .../images/partially_remediated.png | Bin 2479 -> 3301 bytes .../images/terminated-by-system.png | Bin 0 -> 892 bytes ...ows-defender-advanced-threat-protection.md | 8 +++---- 11 files changed, 17 insertions(+), 17 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md index c89972b746..727cdd7358 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md 
@@ -1,6 +1,6 @@ --- title: Advanced hunting best practices in Windows Defender ATP -description: Learn about advanced hunting best practices such as what filters and keywords to use to effectively query data. +description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data. keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 2fff8ca906..f5376084b6 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- title: Advanced hunting reference in Windows Defender ATP -description: Learn about advanced hunting table reference such as column name, data type, and description +description: Learn about Advanced hunting table reference such as column name, data type, and description keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index 66684eb442..f1814c3b38 100644 
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- title: Query data using Advanced hunting in Windows Defender ATP -description: Learn about advanced hunting in Windows Defender ATP and how to query ATP data. +description: Learn about Advanced hunting in Windows Defender ATP and how to query ATP data. keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics search.product: eADQiWindows 10XVcnh ms.prod: w10 
@@ -32,10 +32,10 @@ Advanced hunting allows you to proactively hunt for possible threats across your - **Powerful query language with IntelliSense** - Built on top of a query language that gives you the flexibility you need to take hunting to the next level. - **Query the stored telemetry** - The telemetry data is accessible in tables for you to query. For example, you can query process creation, network communication, and many other event types. -- **Links to portal** - Certain query results, such as machine names and file names are actually direct links to the portal, consolidating the advanced hunting query experience and the existing portal investigation experience. +- **Links to portal** - Certain query results, such as machine names and file names are actually direct links to the portal, consolidating the Advanced hunting query experience and the existing portal investigation experience. - **Query examples** - A welcome page provides examples designed to get you started and get you familiar with the tables and the query language. -To get you started in querying your data, you can use the basic or advanced query examples that have some preloaded queries for you to understand the basic query syntax. +To get you started in querying your data, you can use the basic or Advanced query examples that have some preloaded queries for you to understand the basic query syntax. ![Image of Advanced hunting window](images/atp-advanced-hunting.png) @@ -45,7 +45,7 @@ A typical query starts with a table name followed by a series of operators separ In the following example, we start with the table name **ProcessCreationEvents** and add piped elements as needed. -![Image of Windows Defender ATP advanced hunting query](images/advanced-hunting-query-example.png) +![Image of Windows Defender ATP Advanced hunting query](images/advanced-hunting-query-example.png) First, we define a time filter to review only records from the previous seven days. 
@@ -74,9 +74,9 @@ To see a live example of these operators, run them as part of the **Get started* For more information on the query language and supported operators, see [Query Language](https://docs.loganalytics.io/docs/Language-Reference/). -## Use exposed tables in advanced hunting +## Use exposed tables in Advanced hunting -The following tables are exposed as part of advanced hunting: +The following tables are exposed as part of Advanced hunting: - **AlertEvents** - Stores alerts related information - **MachineInfo** - Stores machines proprties 
@@ -126,23 +126,23 @@ These steps guide you on modifying and overwriting an existing query. 2. Select **Delete** and confirm that you want to delete the query. -## Result set capabilities in advanced hunting +## Result set capabilities in Advanced hunting The result set has several capabilities to provide you with effective investigation, including: - Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal. - You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set. -![Image of Windows Defender ATP advanced hunting result set](images/atp-advanced-hunting-results-filter.png) +![Image of Windows Defender ATP Advanced hunting result set](images/atp-advanced-hunting-results-filter.png) -## Filter results in advanced hunting -In advanced hunting, you can use the advanced filter on the output result set of the query. +## Filter results in Advanced hunting +In Advanced hunting, you can use the advanced filter on the output result set of the query. The filters provide an overview of the result set where each column has it's own section and shows the distinct values that appear in the column and their prevalence. You can refine your query based on the filter by clicking the "+" or "-" buttons on the values that you want to include or exclude and click **Run query**. -![Image of advanced hunting filter](images/atp-filter-advanced-hunting.png) +![Image of Advanced hunting filter](images/atp-filter-advanced-hunting.png) The filter selections will resolve as an additional query term and the results will be updated accordingly. 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Pending.png b/windows/security/threat-protection/windows-defender-atp/images/Pending.png index 0d7563d8619ede0a7884754facf58bad9af2a85e..b5a27d0a5826ea8653c6658d0528e5cd009c1b20 100644 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Remediated.png b/windows/security/threat-protection/windows-defender-atp/images/Remediated.png index ad6c269960866e7dd0f29fbcec906674cf236e14..9f13d8e5dc11dfba7d2f1cb031672657d4dffc58 100644 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png b/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png new file mode 100644 index 0000000000000000000000000000000000000000..fc3ee208d20c6c649ad4f60e8b3cf7a42f76b7d4 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png b/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png new file mode 100644 index 0000000000000000000000000000000000000000..225988f58bc68a3e645d921a86759868237c53c3 GIT binary patch
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png b/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png new file mode 100644 index 0000000000000000000000000000000000000000..7db354747c11e93aec73582d37077c7bad4c5906 GIT binary patch
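Review bot: In the @@ -32,10 hunk of advanced-hunting-windows-defender-advanced-threat-protection.md, "the basic or Advanced query examples" capitalizes "advanced" where it is an ordinary adjective paired with "basic", not the feature name. Keep that sentence lowercase ("the basic or advanced query examples") and limit the capitalization to "Advanced hunting". The changed "Links to portal" bullet is also missing the closing comma after "such as machine names and file names".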
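Review bot: In the @@ -74,9 hunk of the same file, the list directly under the changed sentence still reads "Stores machines proprties" and "Stores alerts related information". Since this section is being edited anyway, fix the typo ("properties") and hyphenate "alert-related" in the same change.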
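Review bot: In the @@ -126,23 hunk, the paragraph under the renamed "Filter results in Advanced hunting" heading still says "each column has it's own section". That should be "its"; the line sits between two changed lines, so it is cheap to correct here.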
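Review bot: The subject line "update icons" describes only the PNG changes, but the front-matter and body hunks in the three advanced-hunting .md files change wording ("advanced hunting" to "Advanced hunting"). Either mention the capitalization pass in the commit message or split it into its own commit. In the front matter, the description: values now use "Advanced hunting" while the keywords: values keep "advanced hunting"; confirm that difference is intended.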
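Review bot: The three new images are named in hyphenated lowercase (no-threats-found.png, partially-investigated.png, terminated-by-system.png), while the icons updated in the same commit are Pending.png, Remediated.png, Running.png and partially_remediated.png. Pick one naming convention for the status icons, or state in the commit message that renaming the existing files is deferred, so that image links in the .md files do not end up mixing styles.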