diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-ah.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-ah.png index 890817a70b..62c89ddbc4 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-ah.png and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-ah.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-event.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-event.png index f30feb9983..94195f3a46 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-event.png and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation-event.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation.png index be66344ea0..a540d9947a 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation.png and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-proxy-investigation.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 476f2b65e1..9174102a65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -74,6 +74,7 @@ NetworkCommunicationEvents You can also filter out events that are related to connection to the proxy itself. Use the following query to filter out the connections to the proxy: + ``` NetworkCommunicationEvents | where ActionType == "ConnectionSuccess" and RemoteIP != "ProxyIP"