deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update new techniques page

Browse Source
This commit is contained in:
schmurky 2021-02-03 14:34:49 +08:00
parent 12cd49bcf5
commit 53274a98d1
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md
View File

@ -24,6 +24,9 @@ ms.technology: mde
**Applies to:** **Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>[!IMPORTANT]
>Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
In Microsoft Defender for Endpoint, **Techniques** are a grouping of events that when taken together indicate activity associated with certain [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. In Microsoft Defender for Endpoint, **Techniques** are a grouping of events that when taken together indicate activity associated with certain [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques.
This feature simplifies the investigation experience by helping analysts understand at a glance whether suspicious activities happened on or affected a device and whether those activities indicate a need for closer investigation. This feature simplifies the investigation experience by helping analysts understand at a glance whether suspicious activities happened on or affected a device and whether those activities indicate a need for closer investigation.
@ -46,7 +49,8 @@ To view only either events or techniques, select Filters from the device timelin
[FILTER screenshot] [FILTER screenshot]
IMPORTANT: Event group filters do not affect Techniques, so when Techniques data type is selected, all techniques are shown. >[!IMPORTANT]
>Event group filters do not affect Techniques, so when Techniques data type is selected, all techniques are shown.
To view File events only without Techniques, select Events data type and File events event group. To view File events only without Techniques, select Events data type and File events event group.