deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 23:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated threat-protection-reports-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Louie Mayor 2019-01-04 05:28:50 +00:00
parent a20258cf7f
commit 390faa9ff8
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
View File

@ -20,8 +20,9 @@ ms.date: 11/07/2018
[!include[Prerelease information](prerelease.md)]
The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time as well as a current day snapshot.
The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time as well as the last full day.
## Alert attributes
The report is made up of cards that display the following alert attributes:
- **Alert detection sources**: shows information about the sensors and detection technologies that provide the data used by Windows Defender ATP to trigger alerts.
@ -34,6 +35,11 @@ The report is made up of cards that display the following alert attributes:
- **Alert classification & determination**: shows how you have classified resolved alerts, whether you have classified them as actual threats (true alerts) or as incorrect detections (false alerts). The card also provide the determination of alerts, further explaining the resolution with information like the type of actual threat or the legitimate activity that was incorrectly detected.
## 30-day and today cards
For each of the described alert attributes, the report provides two cards:
- **30-day cards**: shows daily trending information from a 30-day period
- **Today cards**: shows 24-hour snapshot information from the latest completed or full day
## Set start date of 30-day cards
By default, the 30-day cards in the report display data from the 30-day period ending in the latest full day. To adjust this 30-day window, select a different start day under **Filters > Start date for 30-day cards**.