mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 20:03:40 +00:00
TA-updates
This commit is contained in:
Louie Mayor
Binary file not shown.
|
After Width: | Height: | Size: 536 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 106 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 304 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 152 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 81 KiB |
@ -22,19 +22,23 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
With adversaries becoming more sophisticated and threats like human-operated ransomware emerging frequently and prevalently, it is critical to quickly assess impact and resilience against new threats.
|
||||
With more sophisticated adversaries and new threats emerging frequently and prevalently, it is critical to be able to quickly:
|
||||
|
||||
Threat analytics is a set of reports from Microsoft security researchers covering the most relevant threats, including:
|
||||
- Assess the impact of a new threat
|
||||
- Review your resilience against or exposure to the threat
|
||||
- Identify the actions you can take to stop or contain the threat
|
||||
|
||||
- Active cybercrime groups and their campaigns
|
||||
- Heavily utilized attack techniques
|
||||
- New vulnerabilities
|
||||
Threat analytics is a set of reports from expert Microsoft security researchers covering the most relevant threats, including:
|
||||
|
||||
- Active threat actors and their campaigns
|
||||
- Popular and new attack techniques
|
||||
- New and critical vulnerabilities
|
||||
- Common attack surfaces
|
||||
- Prevalent malware
|
||||
|
||||
Each report is prepare by Microsoft security experts and provides a detailed analysis of the threat as well as guidance on how to mitigate and stop the threat. It also provides dynamic data from your network, indicating whether the threat is active and if you have mitigations, such as security updates and recommended settings, in place. Use the reports to assess the impact of threats to your network and identify actions you can take to contain them.
|
||||
Each report provides detailed analysis of a threat and extensive guidance on how to defend against the threat. It also provides dynamic data from your network, indicating whether the threat is active and if you have applicable security updates and recommended settings in place.
|
||||
|
||||
Watch this short video to quickly understand how threat analytics can help you track the latest threats and stop them.
|
||||
Watch this short video to learn more about how threat analytics can help you track the latest threats and stop them.
|
||||
<p></p>
|
||||
|
||||
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bw1f]
|
||||
@ -43,9 +47,9 @@ Watch this short video to quickly understand how threat analytics can help you t
|
||||
|
||||
The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It provides several overviews about the threats covered in the reports:
|
||||
|
||||
- **Latest threats** — lists the most recently published threat reports, along with the number of devices with resolved and unresolved alerts.
|
||||
- **High-impact threats** — lists the threats that have had the highest impact on the organization in terms of the number of devices that have had related alerts, along with the number of devices with resolved and unresolved alerts.
|
||||
- **Threat summary** — shows the number of threats among the threats reported in threat analytics with actual alerts.
|
||||
- **Latest threats**—lists the most recently published threat reports, along with the number of devices with active and resolved alerts.
|
||||
- **High-impact threats**—lists the threats that have had the highest impact to the organization. This card ranks threats by the number of devices that have active alerts.
|
||||
- **Threat summary**—shows overall impact of the threats reported in threat analytics by showing the number of threats with active and resolved alerts.
|
||||
|
||||
|
||||
|
||||
@ -53,20 +57,39 @@ Select a threat from any of the overviews or from the table to view the report f
|
||||
|
||||
## View a threat analytics report
|
||||
|
||||
Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides mitigation recommendations and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
|
||||
Each threat analytics report provides information in three sections: **Overview**, **Analyst report**, and **Mitigations**.
|
||||
|
||||
|
||||
### Quickly understand a threat and assess its impact to your network in the overview
|
||||
|
||||
### Organizational impact
|
||||
The **Overview** section provides a quick preview of the detailed analyst report. It also provides charts that highlight the impact of the threat to your network and your network's exposure through misconfigured and unpatched devices.
|
||||
|
||||
|
||||
_Overview section of a threat analytics report_
|
||||
|
||||
#### Organizational impact
|
||||
Each report includes cards designed to provide information about the organizational impact of a threat:
|
||||
- **Devices with alerts** — shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
|
||||
- **Devices with alerts over time** — shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
|
||||
- **Devices with alerts**—shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
|
||||
- **Devices with alerts over time**—shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
|
||||
|
||||
### Organizational resilience
|
||||
#### Organizational resilience and exposure
|
||||
Each report also includes cards that provide an overview of how resilient your organization can be against a given threat:
|
||||
- **Security configuration status** — shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings.
|
||||
- **Vulnerability patching status** — shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat.
|
||||
- **Mitigation details** — lists specific actionable recommendations that can help you increase your organizational resilience. This card lists tracked mitigations, including recommended settings and vulnerability patches, along with the number of devices that don't have the mitigations in place.
|
||||
- **Security configuration status**—shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings.
|
||||
- **Vulnerability patching status**—shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat.
|
||||
|
||||
### Get expert insight from the analyst report
|
||||
Go to the **Analyst report** section to read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance.
|
||||
|
||||
|
||||
_Analyst report section of a threat analytics report_
|
||||
|
||||
### Review list of mitigations and the status of your devices
|
||||
In the **Mitigations** section, you can review the list of specific actionable recommendations that can help you increase your organizational resilience. This card lists tracked mitigations, including recommended settings and vulnerability patches, along with the number of devices that don't have the mitigations in place.
|
||||
|
||||
Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report.
|
||||
|
||||
|
||||
_Mitigations section of a threat analytics report_
|
||||
|
||||
|
||||
### Additional report details and limitations
|
||||
When using the reports, keep the following in mind:
|
||||
@ -76,3 +99,7 @@ When using the reports, keep the following in mind:
|
||||
- Mitigations don't guarantee complete resilience. The provided mitigations reflect the best possible actions needed to improve resiliency.
|
||||
- Devices are counted as "unavailable" if they have been unable to transmit data to the service.
|
||||
- Antivirus related statistics are based on Microsoft Defender Antivirus settings. Devices with third-party antivirus solutions can appear as "exposed".
|
||||
|
||||
## Related topics
|
||||
- [Hunt for cyberthreats](advanced-hunting-overview.md)
|
||||
- [Assess and resolve security weaknesses and exposures](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
Reference in New Issue
Block a user