deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 16:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update machine and user page to include ATA

Browse Source
This commit is contained in:
Joey Caparas 2017-06-02 11:56:55 -07:00
parent bf96be0c9b
commit 16f4ef8a65
3 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/threat-protection/windows-defender-atp/images/atp-user-view-ata.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 453 KiB

10
windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
View File

@ -41,15 +41,13 @@ When you investigate a specific machine, you'll see:
[TAKEN FROM MOCK ONLY!! JOEY: UPDATE WITH ACTUAL WHEN READY!!] [TAKEN FROM MOCK ONLY!! JOEY: UPDATE WITH ACTUAL WHEN READY!!]
![Image of machine details page](images/atp-machine-view-ata.png) ![Image of machine details page](images/atp-machine-view-ata.png)
The machine details, Advanced Threat Analytics alerts, total logged on users, and machine reporting sections display various attributes about the machine. Youll see details such as machine name, health state, actions you can take on the machine, and others. The machine details, ATA alerts, total logged on users, and machine reporting sections display various attributes about the machine.
The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
From this view, you'll see other information such as domain, operating system (OS) and build, ATA alerts, total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. If you have enabled the ATA feature and there are alerts related to the machine, you can click on the link that will take you to the ATA page where more information about the alerts are provided. The ATA tile also provides details such as the last AD site and total domain group memberships.
[DRAFT ON ATA BELOW!!!]
If you have enabled the Advanced Threat Analytics feature and there are alerts on the machine, you can click on the link that will take you to the ATA page where more information about the alerts are provided.
Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:

14
windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
View File

@ -31,13 +31,21 @@ You can find user account information in the following views:
A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown. A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown.
When you investigate a user account entity, you'll see: When you investigate a user account entity, you'll see:
- User account details and Logged on machines - User account details, Advanced Threat Analytics (ATA) alerts, and Logged on machines
- Alerts related to this user - Alerts related to this user
- Observed in organization (machines logged on to) - Observed in organization (machines logged on to)
![Image of the user account entity details page](images/atp-user-details-view.png)
The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine. [TAKEN FROM MOCK ONLY!!! JOEY: UPDATE WITH ACTUAL WHEN READY!!!]
![Image of the user account entity details page](images/atp-user-view-ata.png)
The user account entity details, ATA alerts, and logged on machines sections display various attributes about the user account.
The user entity tile provides details such as when the user was first and last seen. You can also contact the user using the link provided on the tile. [JOEY: CHECK IF THIS IS CORRECT.]
If you have enabled the ATA feature and there are alerts related to the user, you can click on the link that will take you to the ATA page where more information about the alerts are provided. The ATA tile also provides details such as the last AD site, total group memberships, and login failure associated with the user.
You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert. The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.