From 6d73a789b5ccb7393b429dd12b588db4be9d9536 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 25 Nov 2019 16:26:28 -0800 Subject: [PATCH 1/2] add note to machine reports --- .../microsoft-defender-atp/machine-reports.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md index 22efe55158..adc8b53f70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md @@ -34,21 +34,28 @@ Section | Description 2 | Machine summary (current day) - +## Machine trends By default, the machine trends displays machine information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options: - 30 days - 3 months - 6 months - Custom - -While the machines trends shows trending machine information, the machine summary shows machine information scoped to the current day. + +>[!NOTE] +>These filters are only applied on the machine trends section. It doesn't affect the machine summary section. + +## Machine summary +While the machines trends shows trending machine information, the machine summary shows machine information scoped to the current day. + +>[!NOTE] +>The data reflected in the summary section is scoped to 180 days prior to the current date. For example if today's date is March 27, 2019, the data on the summary section will reflect numbers starting from September 28, 2018 to March 27, 2019.
+> The filter applied on the trends section is not applied on the summary section. The machine trends section allows you to drill down to the machines list with the corresponding filter applied to it. For example, clicking on the Inactive bar in the Sensor health state card will bring you the machines list with results showing only machines whose sensor status is inactive. - ## Machine attributes The report is made up of cards that display the following machine attributes: From 75d256276794db51010b4df74ce0ea7274a105ea Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 25 Nov 2019 16:33:02 -0800 Subject: [PATCH 2/2] add note to threat report --- .../threat-protection-reports.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md index 7a7e652415..8d109610de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md @@ -34,7 +34,7 @@ Section | Description 1 | Alerts trends 2 | Alert summary - +## Alert trends By default, the alert trends display alert information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options: - 30 days @@ -42,11 +42,18 @@ By default, the alert trends display alert information from the 30-day period en - 6 months - Custom +>[!NOTE] +>These filters are only applied on the alert trends section. It doesn't affect the alert summary section. + + +## Alert summary While the alert trends shows trending alert information, the alert summary shows alert information scoped to the current day. The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. - +>[!NOTE] +>The data reflected in the summary section is scoped to 180 days prior to the current date. For example if today's date is November 5, 2019, the data on the summary section will reflect numbers starting from May 5, 2019 to November 5, 2019.
+> The filter applied on the trends section is not applied on the summary section. ## Alert attributes The report is made up of cards that display the following alert attributes: