deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 6639: Updated

Browse Source 
Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md
This commit is contained in:
Liza Mash 2018-03-26 17:36:37 +00:00 committed by Joey Caparas
commit 18c56ac5a8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
View File

@ -28,7 +28,7 @@ ms.date: 04/16/2018
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
## Advanced hunting query best practices
The following best practices serve as a guideline for you to maximize the advanced hunting capability.
The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries.
- Use time filters first. Azure Kusto is highly optimized to utilize time filters. For more information, see [Azure Kusto](https://docs.microsoft.com/connectors/kusto/).
- Put filters that are expected to remove most of the data in the beginning of the query, following the time filter.
- Use 'has' keyword over 'contains' when looking for full tokens.