mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 02:13:43 +00:00
Merge remote-tracking branch 'refs/remotes/origin/atp-polish' into rs2
This commit is contained in:
jcaparas
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Turn on advanced features in Windows Defender Advanced Threat Protection
|
||||
title: Turn on advanced features in Windows Defender ATP
|
||||
description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
|
||||
keywords: advanced features, preferences setup, block file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -75,6 +75,6 @@ Portal label | SIEM field name | Description
|
||||
|
||||
## Related topics
|
||||
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Check sensor health state in Windows Defender ATP
|
||||
description: Check sensor health on machines to see if they are misconfigured or inactive.
|
||||
title: Check the health state of the sensor in Windows Defender ATP
|
||||
description: Check the sensor health on machines to identify which ones are misconfigured, inactive, or are not reporting sensor data.
|
||||
keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communication, communication
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -180,6 +180,5 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
|
||||
|
||||
## Related topics
|
||||
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -135,6 +135,6 @@ Use the solution explorer to view alerts in Splunk.
|
||||
|
||||
## Related topics
|
||||
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
|
||||
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Create threat intelligence using REST API in Windows Defender ATP
|
||||
title: Create custom alerts using the threat intelligence API
|
||||
description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
|
||||
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -389,7 +389,8 @@ The following articles provide detailed code examples that demonstrate how to us
|
||||
|
||||
## Related topics
|
||||
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -41,7 +41,8 @@ You’ll need to use the access token in the Authorization header when doing RES
|
||||
|
||||
## Related topics
|
||||
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Enable SIEM integration in Windows Defender Advanced Threat Protection
|
||||
title: Enable SIEM integration in Windows Defender ATP
|
||||
description: Enable SIEM integration to receive alerts in your security information and event management (SIEM) solution.
|
||||
keywords: enable siem connector, siem, connector, security information and events
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -49,7 +49,7 @@ Enable security information and event management (SIEM) integration so you can p
|
||||
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal.
|
||||
|
||||
## Related topics
|
||||
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
|
||||
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -82,3 +82,11 @@ This step will guide you in exploring the custom alert in the portal.
|
||||
|
||||
> [!NOTE]
|
||||
> It can take up to 15 minutes for the alert to appear in the portal.
|
||||
|
||||
## Related topics
|
||||
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Fix unhealthy sensors in Windows Defender ATP
|
||||
description: Fix machine sensors that are reporting as misconfigured or inactive.
|
||||
description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine.
|
||||
keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communication, communication
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Update general Windows Defender Advanced Threat Protection settings
|
||||
description: Update your general Windows Defender Advanced Threat Protection settings after onboarding.
|
||||
description: Update your general Windows Defender Advanced Threat Protection settings such as data retention or industry after onboarding.
|
||||
keywords: general settings, settings, update settings
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 36 KiB After Width: | Height: | Size: 39 KiB |
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Investigate user account in Windows Defender Advanced Threat Protection
|
||||
description: Investigate a user account in Windows Defender Advanced Threat Protection for potential compromised credentials or pivot on the associated user account during an investigation.
|
||||
title: Investigate a user account in Windows Defender ATP
|
||||
description: Investigate a user account for potential compromised credentials or pivot on the associated user account during an investigation.
|
||||
keywords: investigate, account, user, user entity, alert, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: View and organize the Windows Defender ATP machines list
|
||||
description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the machine list which can enhance investigations.
|
||||
description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the list to enhance investigations.
|
||||
keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -53,10 +53,7 @@ The hardware requirements for Windows Defender ATP on endpoints is the same as t
|
||||
#### Internet connectivity
|
||||
Internet connectivity on endpoints is required.
|
||||
|
||||
SENSE can utilize up to 5MB daily of bandwidth to communicate with the Windows Defender ATP cloud service and report cyber data.
|
||||
|
||||
> [!NOTE]
|
||||
> SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP.
|
||||
The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth to communicate with the Windows Defender ATP cloud service and report cyber data.
|
||||
|
||||
For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
|
||||
|
||||
|
||||
@ -71,7 +71,8 @@ You can use the complete code to create calls to the API.
|
||||
|
||||
## Related topics
|
||||
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Windows Defender Advanced Threat Protection preferences settings
|
||||
title: Configure Windows Defender ATP preferences settings
|
||||
description: Use the preferences setup to configure and update your preferences settings such as enabling advanced features, preview experience, email notifications, or custom threat intelligence.
|
||||
keywords: preferences settings, settings, advanced features, preview experience, email notifications, custom threat intelligence
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Turn on the preview experience in Windows Defender Advanced Threat Protection
|
||||
title: Turn on the preview experience in Windows Defender ATP
|
||||
description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features.
|
||||
keywords: advanced features, preferences setup, block file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -190,6 +190,6 @@ HTTP error code | Description
|
||||
|
||||
## Related topics
|
||||
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
|
||||
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -73,8 +73,9 @@ You can use the complete code to create calls to the API.
|
||||
[!code[CustomTIAPI](./code/example.py#L1-L53)]
|
||||
|
||||
## Related topics
|
||||
- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Take response actions on a file in Windows Defender Advanced Threat Protection
|
||||
title: Take response actions on a file in Windows Defender ATP
|
||||
description: Take response actions on file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
|
||||
keywords: respond, stop and quarantine, block file, deep analysis
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -85,7 +85,7 @@ You can roll back and remove a file from quarantine if you’ve determined that
|
||||
```
|
||||
“%ProgramFiles%\Windows Defender\MpCmdRun.exe” –Restore –Name EUS:Win32/CustomEnterpriseBlock –All
|
||||
```
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Take response actions on a machine in Windows Defender Advanced Threat Protection
|
||||
title: Take response actions on a machine in Windows Defender ATP
|
||||
description: Take response actions on a machine by isolating machines, collecting an investigation package, and checking activity details.
|
||||
keywords: respond, isolate, isolate machine, collect investigation package, action center
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Take response actions on files and machines in Windows Defender Advanced Threat Protection
|
||||
title: Take response actions on files and machines in Windows Defender ATP
|
||||
description: Take response actions on files and machines by stopping and quarantining files, blocking a file, isolating machines, or collecting an investigation package.
|
||||
keywords: respond, stop and quarantine, block file, deep analysis, isolate machine, collect investigation package, action center
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -46,8 +46,9 @@ Here is an example of an IOC:
|
||||
IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
|
||||
|
||||
## Related topics
|
||||
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -46,8 +46,9 @@ If your client secret expires or if you've misplaced the copy provided when you
|
||||
|
||||
|
||||
## Related topics
|
||||
- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom threat intelligence](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
|
||||
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use the custom threat intelligence API to create custom alerts for your organization
|
||||
title: Use the custom threat intelligence API to create custom alerts
|
||||
description: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts
|
||||
keywords: threat intelligence, alert definitions, indicators of compromise
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
Reference in New Issue
Block a user