general updates

2025-05-15 06:47:21 +00:00 · 2017-09-20 14:39:40 -07:00 · 2017-09-20 14:39:40 -07:00 · 93b2bc88b7
commit 93b2bc88b7
parent 56c18eb36a
3 changed files with 6 additions and 22 deletions
--- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@ -77,7 +77,7 @@ Field numbers match the numbers in the images below.

 ![Image of artifact timeline with numbers](images/atp-siem-mapping3.png)

-![Image of alert timeline with numbers](images/atp-siem-mapping4.png)
+![Image of artifact timeline with numbers](images/atp-siem-mapping4.png)

 ![Image machine view](images/atp-mapping6.png)

--- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@ -93,18 +93,8 @@ Use the search bar to look for specific timeline events. Harness the power of us
    -	Behaviors mode: displays "detections" and selected events of interest
    -	Verbose mode: displays all raw events without aggregation or filtering

- **Event type** - Click the drop-down button to filter by the following levels:
-    - Windows Defender ATP alerts
-    - Windows Defender AV alerts
-    - Response actions
-    - AppGuard related events
-    - Windows Defender Device Guard events
-    - Process events
-    - Network events
-    - File events
-    - Registry events
-    - Load DLL events
-    - Other events <br><br>
+- **Event type** - Click the drop-down button to filter by events such as Windows     - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. 
+    
    Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed.

 -	**User account** – Click the drop-down button to filter the machine timeline by the following user associated events:
--- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@ -60,19 +60,14 @@ You can use the following filters to limit the list of machines displayed during
 - Mac OS
 - Other

-**Health**</br>
- All
- Well configure
- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters.
- 

 **Sensor health state**</br>
 Filter the list to view specific machines grouped together by the following machine health states:

 - **Active** – Machines that are actively reporting sensor data to the service.
 -	**Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to:
-  - Impaired communications
  - No sensor data
+  - Impaired communications

  For more information on how to address issues on misconfigured machines see,  [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
 -	**Inactive** – Machines that have completely stopped sending signals for more than 7 days.
@ -85,6 +80,7 @@ Filter the list to view specific machines that are well configured or require at
 - **Well configured** - Machines have the Windows Defender security controls well configured. 
 - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.

+For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).

 **Malware category alerts**</br>
 Filter the list to view specific machines grouped together by the following malware categories:
@ -109,13 +105,11 @@ Exporting the list in CSV format displays the data in an unfiltered manner. The
 You can sort the **Machines list** by the following columns:

 - **Machine name** - Name or GUID of the machine
- **Domain** - Domain where the machine is joined in
- **OS Platform** - Indicates the OS of the machine
 - **Health State** – Indicates if the machine is misconfigured or is not sending sensor data
 - **Last seen** - Date and time when the machine last reported sensor data
 - **Internal IP** - Local internal Internet Protocol (IP) address of the machine
 - **Active Alerts** - Number of alerts reported by the machine by severity
- **Active malware detections** - Number of active malware detections reported by the machine
+- **Active malware alerts** - Number of active malware detections reported by the machine

 > [!NOTE]
 > The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.