mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-29 13:47:23 +00:00
New page techniques feature
This commit is contained in:
parent
659936eb28
commit
12cd49bcf5
@ -0,0 +1,61 @@
---
title: Techniques in the device timeline
description: Understanding MITRE ATT&CK techniques grouping in the device timeline in Microsoft Defender for Endpoint
keywords: device timeline, endpoint, MITRE, MITRE ATT&CK, techniques, tactices
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: maccruz
author: schmurky
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: mde
---
# ATT&CK techniques in the device timeline
**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
In Microsoft Defender for Endpoint, **Techniques** are a grouping of events that when taken together indicate activity associated with certain [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques.
This feature simplifies the investigation experience by helping analysts understand at a glance whether suspicious activities happened on or affected a device and whether those activities indicate a need for closer investigation.
## Techniques in the device timeline
For public preview customers, Techniques are available by default and are shown together with events when a device's timeline is viewed.
[TIMELINE screenshot]
Techniques are highlighted in bold text and appear with a blue icon on the left. The corresponding MITRE ATT&CK ID and technique name also appears as tags under Additional information.
Selecting a Technique opens the side pane and shows additional information and insights like related ATT&CK techniques, tactics, and descriptions.
Search and Export options are also available for Techniques.
## Filtering to view techniques or events only
To view only either events or techniques, select Filters from the device timeline and choose your preferred Data type to view.
[FILTER screenshot]
IMPORTANT: Event group filters do not affect Techniques, so when Techniques data type is selected, all techniques are shown.
To view File events only without Techniques, select Events data type and File events event group.
Selecting Techniques automatically shows all techniques.
## See also
- [View and organize the Devices list](machines-view-overview.md)
- [Microsoft Defender for Endpoint device timeline event flags](device-timeline-event-flag.md)
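Review bot: The `IMPORTANT:` callout in the filtering section is plain text and will render as an ordinary paragraph; put it in the `> [!IMPORTANT]` alert syntax (with the sentence on a following `> ` line) so it renders as a callout like the other alerts in this documentation set. Smaller points in the same file: `tactices` in the `keywords` metadata should be `tactics`; "The corresponding MITRE ATT&CK ID and technique name also appears as tags" needs the plural verb "appear" since the subject is two items; `[TIMELINE screenshot]` and `[FILTER screenshot]` are placeholders rather than image links, so they need Markdown image references with descriptive alt text before this page is published; and the closing sentence "Selecting Techniques automatically shows all techniques." restates the alert two paragraphs above it and could be dropped.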