diff --git a/windows/security/threat-protection/windows-defender-atp/machine-status-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-status-reports-windows-defender-advanced-threat-protection.md index 0f44651e8f..f6c2afbf23 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-status-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-status-reports-windows-defender-advanced-threat-protection.md @@ -31,6 +31,21 @@ Section | Description 2 | Status (last 6 months) + +By default, the status over time column displays machine information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options: + +- 30 days +- 3 months +- 6 months +- Custom + +While the machines over time column shows trending information alerts, the machine aggregation column shows machine information scoped to 6 months. + + The machine aggregation column allows you to drill down to the machines list with the corresponding filter applied to it. For example, clicking on the inactive bar in the Sensor health state card will bring you the machines list with results showing only machines whose sensor status is inactive. + + + + ## Machine attributes The report is made up of cards that display the following alert attributes: 
@@ -45,10 +60,6 @@ The report is made up of cards that display the following alert attributes: - **Windows 10 versions**: shows the number of Windows 10 machines and their versions in your organization. -## Date range for status over time - -By default, the status over time column displays machine information from the 30-day period ending in the latest full day. To adjust this, select a time range from the drop-down options. - ## Filter data diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md index bfc546600a..d8f5a66362 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md 
@@ -28,7 +28,20 @@ The dashboard is structured into two columns: Section | Description :---|:--- 1 | Alerts over time -2 | Alert distribution (last 6 months) +2 | Alert aggregation / 6-month view + + +By default, the alerts over time column displays alert information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options: + +- 30 days +- 3 months +- 6 months +- Custom + +While the alerts over time column shows trending information alerts, the alert aggregation column shows alert information scoped to 6 months. + + The alert aggregation column allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. + ## Alert attributes @@ -44,9 +57,7 @@ The report is made up of cards that display the following alert attributes: - **Classification & determination**: shows how you have classified alerts upon resolution, whether you have classified them as actual threats (true alerts) or as incorrect detections (false alerts). These cards also show the determination of resolved alerts, providing additional insight like the types of actual threats found or the legitimate activities that were incorrectly detected. -## Date range for alerts over time -By default, the alerts over time column displays alert information from the 30-day period ending in the latest full day. To adjust this, select a time range from the drop-down options. ## Filter data
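
Review bot: In the first machine-status-reports hunk (@@ -31,6 +31,21 @@), the added sentence "While the machines over time column shows trending information alerts, the machine aggregation column shows machine information scoped to 6 months" reads as carried over from the alerts report. This page covers machines, not alerts, and the paragraph just above it calls the same column "status over time". Suggest "While the status over time column shows trending machine information, ...". The table row left as context still says "2 | Status (last 6 months)" while the new text calls that column "machine aggregation"; the threat protection file renames its row in this same patch, so this row should be renamed to match. Smaller points: the drill-down paragraph starts with a stray leading space, "will bring you the machines list" is missing "to", and the hunk ends with four consecutive added blank lines before "## Machine attributes" where one is enough.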
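
Review bot: The second machine-status-reports hunk (@@ -45,10 +60,6 @@) deletes the "## Date range for status over time" heading, and the relocated text in the first hunk sits directly under the section table with no heading of its own, so the section anchor disappears and any existing link to it will stop resolving. Either keep the heading above the moved paragraph or confirm nothing links to it before dropping it. The same applies to "## Date range for alerts over time" in the threat protection file.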
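
Review bot: In the first threat-protection-reports hunk (@@ -28,7 +28,20 @@), "shows trending information alerts" has its words out of order and the new "Custom" option is listed without saying what a reader can enter for it. Suggest "shows trending alert information", and add one sentence on how a custom range is chosen and whether it has an upper limit. The drill-down paragraph also starts with a stray leading space, says "a particular alert queue" and then "the alerts queue" for the same thing, and "will bring you the alerts queue" is missing "to".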
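
Review bot: The last hunk (@@ -44,9 +57,7 @@) removes only two lines, the "## Date range for alerts over time" heading and its paragraph, whereas the matching removal in machine-status-reports (@@ -45,10 +60,6 @@) removes four, so the blank lines that surrounded the deleted section appear to stay behind and stack up before "## Filter data". Remove them as well so both files end up with a single blank line between the last card bullet and the next heading.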