deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 11100: threat analytics minor updates, typo in index

Browse Source 
threat analytics minor updates, typo in index
This commit is contained in:
Joey Caparas
2018-09-05 17:08:16 +00:00
committed by Dani Halfin
parent dcbf059189
commit a0b94645a1
2 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/index.md
View File

@ -44,7 +44,7 @@ The attack surface reduction set of capabilities provide the first line of defen
- [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md) - [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
- [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md) - [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) - [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Attack surface reducation controls](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) - [Attack surface reduction controls](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
<a name="ngp"></a> <a name="ngp"></a>

13
windows/security/threat-protection/windows-defender-atp/threat-analytics.md
View File

@ -25,16 +25,15 @@ Threat Analytics is a set of interactive reports published by the Windows Defend
>[!NOTE] >[!NOTE]
>Threat analytics requires all Windows Defender ATP components to be running, including Next generation protection and Attack surface reduction. >The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days.
Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat. Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat.
The dashboard shows the impact in your organization through the following tiles: The dashboard shows the impact in your organization through the following tiles:
- Machines with alerts - shows the current distinct number of impacted machines in your organization - Machines with alerts - shows the current distinct number of impacted machines in your organization
- Machines with alerts over time - shows the distinct number of impacted over time - Machines with alerts over time - shows the distinct number of impacted over time
- Mitigation recommendations - provides specific actionable recommendations to take for the threat can be contained - Mitigation recommendations - lists the measurable mitigations and the number of machines that do not have each of the mitigations in place
- Mitigation status - shows the current distinct number of machines that have been mitigated, unmitigated, and unavailable - Mitigation status - shows the number of mitigated and unmitigated machines. Machines are considered mitigated if they have all the measurable mitigations in place.
- Mitigation status over time - shows the distinct number of machines that have been mitigated, unmitigated, and unavailable over time - Mitigation status over time - shows the distinct number of machines that have been mitigated, unmitigated, and unavailable over time
![Image of a threat analytics report](images/ta.png) ![Image of a threat analytics report](images/ta.png)
@ -45,15 +44,13 @@ You can assess the organizational impact of a threat using the **Machines with a
A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine are resolved. A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine are resolved.
The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. An indication of threat containment is reflected by the number of **Resolved alerts**. Total number of Resolved alerts increasing over time is a good indication of threat containment. The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days.
## Organizational resilience ## Organizational resilience
The **Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience. The **Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience.
The **Mitigation status** and **Mitigation status over time** shows the endpoint configuration status assessed based on the recommended mitigations. The **Mitigation status** and **Mitigation status over time** shows the endpoint configuration status assessed based on the recommended mitigations.
>![IMPORTANT] >[!IMPORTANT]
>- The chart only reflects mitigations that are measurable and where an evaluation can be made on the machine state as being compliant or non-compliant. There can be additional mitigations or compliance actions that currently cannot be computed or measured that are not reflected in the charts and are covered in the threat description under **Mitigation recommendations** section. >- The chart only reflects mitigations that are measurable and where an evaluation can be made on the machine state as being compliant or non-compliant. There can be additional mitigations or compliance actions that currently cannot be computed or measured that are not reflected in the charts and are covered in the threat description under **Mitigation recommendations** section.
>- Even if all mitigations were measurable, there is no absolute guarantee of complete resilience but reflects the best possible actions that need to be taken to improve resiliency. >- Even if all mitigations were measurable, there is no absolute guarantee of complete resilience but reflects the best possible actions that need to be taken to improve resiliency.