TA-topic-refresh

This commit is contained in:
lomayor 2019-07-03 01:38:40 -07:00
parent c08231e70f
commit 6a913a0e9a
2 changed files with 31 additions and 32 deletions

Binary file not shown.

@ -1,7 +1,7 @@
---
title: Microsoft Defender Advanced Threat Protection Threat analytics
title: Track and respond to emerging threats with Microsoft Defender ATP threat analytics
ms.reviewer:
description: Get a tailored organizational risk evaluation and actionable steps you can take to minimize risks in your organization.
description: Learn about emerging threats and attack techniques and how to stop them. Assess their impact to your organization and evaluate your organizational resilience.
keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status
search.product: eADQiWindows 10XVcnh
search.appverid: met150
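Review bot: the new `description` says "Assess their impact to your organization"; "impact on your organization" is the idiomatic form and matches the body text, which speaks of "impact of threats in your environment". Two smaller points in the same front matter: the `keywords` line still carries the old framing (`OS mitigation, microcode mitigation, mitigation status`) and says nothing about the emerging threats and attack techniques that the new title and description now lead with, so consider refreshing it in the same change; and `ms.reviewer:` is left empty even though the article's ownership changes in this commit.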
@ -9,8 +9,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: mjcaparas
author: mjcaparas
ms.author: lomayor
author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@ -18,47 +18,46 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Threat analytics
# Track and respond to emerging threats with threat analytics
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact and organizational resilience, in the context of specific emerging threats.
Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats.
Threat analytics is a set of reports published by Microsoft security researchers as soon as emerging threats and outbreaks are identified. The reports help you assess the impact of threats to your environment and provides recommended actions for containing them and increasing organizational resilience.
Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help you the assess impact of threats in your environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
## View the threat analytics dashboard
>[!NOTE]
>The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days.
The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It provides several overviews about the threats covered in the report:
Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat.
- **Latest threats**—lists the most recently published threat reports, along with the number of machines with resolved and unresolved alerts.
- **High-impact threats**—lists the threats that have had the highest impact on the organization in terms of the number of machines that have had related alerts, along with the number of machines with resolved and unresolved alerts.
- **Threat summary**—shows the number of threats among the threats reported in threat analytics with actual alerts.
The dashboard shows the impact in your organization through the following tiles:
- Machines with alerts - shows the current distinct number of impacted machines in your organization
- Machines with alerts over time - shows the distinct number of impacted over time
- Mitigation status - shows the number of mitigated and unmitigated machines. Machines are considered mitigated if they have all the measurable mitigations in place.
- Vulnerability patching status - lists any vulnerabilities associated with the threat, and if they have been patched
- Mitigation recommendations - lists the measurable mitigations and the number of machines that do not have each of the mitigations in place
![Image of a threat analytics dashboard](images/ta_dashboard.png)
Select a threat on any of the overviews or on the table to view the report for that threat.
## View a threat analytics report
Each threat report generally provides an overview of the threat, an analysis of the techniques and tools used by the threat, its impact, mitigation recommendations, and detection information. It also provides several cards that provide dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
![Image of a threat analytics report](images/ta.png)
## Organizational impact
You can assess the organizational impact of a threat using the **Machines with alerts** and **Machines with alerts over time** tiles.
### Organizational impact
Each report includes cards designed to provide information about the organizational impact of a threat:
- **Machines with alerts**—shows the current number of distinct machines in your organization that have been impacted by the threat. A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine have been resolved.
- **Machines with alerts over time**—shows the number of distinct machines with **Active** and **Resolved** over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine are resolved.
The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days.
## Organizational resilience
The **Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience.
The **Mitigation status** and **Mitigation status over time** shows the endpoint configuration status assessed based on the recommended mitigations.
### Organizational resilience
Each report also includes cards that provide an overview of how resilient your organization can be against a given threat:
- **Mitigation status**—shows the number of machines that have and have not applied mitigations for the threat. Machines are considered mitigated if they have all the measurable mitigations in place.
- **Vulnerability patching status**—shows the number of machines that have applied security updates or patches that address vulnerabilities exploited by the threat.
- **Mitigation recommendations**—lists specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience. This card lists only measurable mitigations along with the number of machines that don't have these mitigations in place.
>[!IMPORTANT]
>- The chart only reflects mitigations that are measurable and where an evaluation can be made on the machine state as being compliant or non-compliant. There can be additional mitigations or compliance actions that currently cannot be computed or measured that are not reflected in the charts and are covered in the threat description under **Mitigation recommendations** section.
>- Even if all mitigations were measurable, there is no absolute guarantee of complete resilience but reflects the best possible actions that need to be taken to improve resiliency.
>- Charts only reflect mitigations that are measurable, meaning an evaluation can be made on whether a machine has applied the mitigation or not. Check the report overview for additional mitigations that are not reflected in the charts.
>- Even if all mitigations were measurable, they don't guarantee complete resilience. They reflect the best possible actions needed to improve resiliency.
>[!NOTE]
>The Unavailable category indicates that there is no data available from the specific machine yet.
>Machines are counted as "unavailable" if they have been unable to transmit data to the service.
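Review bot: two wording slips in the new text should be fixed before merge. In the rewritten intro paragraph, "The reports help you the assess impact of threats" should read "help you assess the impact of threats", and the same sentence keeps the subject-verb mismatch from the old line ("The reports ... provides recommended actions" should be "provide"). In the new **Machines with alerts over time** bullet, "the number of distinct machines with **Active** and **Resolved** over time" drops the noun; the removed line read "**Active** and **Resolved alerts over time**", so restore "alerts". Smaller points: the intro capitalizes "Threat Analytics" while the new heading, the dashboard section and the rest of the page use lowercase "threat analytics"; the removed resilience paragraph described a **Mitigation status over time** chart that the new card list no longer mentions, so confirm whether that chart was dropped from the product or only from the text; "jump off point" should be "jumping-off point"; "at least 1 alert" would normally be spelled out as "one"; and the new NOTE quotes "unavailable" in lowercase where the removed line called it the "Unavailable category", so pick the form that matches the UI label.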