deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update threat-analytics.md

Browse Source
This commit is contained in:
lomayor 2019-07-03 01:55:08 -07:00
parent 2073e3798d
commit a45e8e8c6e
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
View File

@ -22,17 +22,17 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact and organizational resilience, in the context of specific emerging threats.
Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to quickly assess their security posture, covering the impact of emerging threats and resilience to these threats.
Threat analytics is a set of reports published by Microsoft security researchers as soon as emerging threats and outbreaks are identified. The reports help you assess the impact of threats to your environment and include recommended actions for containing them and increasing organizational resilience.
Threat analytics is a set of reports published by Microsoft security researchers as soon as emerging threats and outbreaks are identified. The reports help you assess the impact of threats to your environment and identify actions that contain them and increase organizational resilience.
## View the threat analytics dashboard
The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It provides several overviews about the threats covered in the reports:
- **Latest threats**—lists the most recently published threat reports, along with the number of machines with resolved and unresolved alerts.
- **High-impact threats**—lists the threats that have had the highest impact on the organization in terms of the number of machines that have had related alerts, along with the number of machines with resolved and unresolved alerts.
- **Threat summary**—shows the number of threats among the threats reported in threat analytics with actual alerts.
- **Latest threats** lists the most recently published threat reports, along with the number of machines with resolved and unresolved alerts.
- **High-impact threats** lists the threats that have had the highest impact on the organization in terms of the number of machines that have had related alerts, along with the number of machines with resolved and unresolved alerts.
- **Threat summary** shows the number of threats among the threats reported in threat analytics with actual alerts.
![Image of a threat analytics dashboard](images/ta_dashboard.png)
@ -40,20 +40,20 @@ Select a threat on any of the overviews or on the table to view the report for t
## View a threat analytics report
Each threat report generally provides an overview of the threat, an analysis of the techniques and tools used by the threat, its impact, mitigation recommendations, and detection information. It also provides several cards that provide dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides worldwide impact information, mitigation recommendations, and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
![Image of a threat analytics report](images/ta.png)
### Organizational impact
Each report includes cards designed to provide information about the organizational impact of a threat:
- **Machines with alerts**—shows the current number of distinct machines in your organization that have been impacted by the threat. A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine have been resolved.
- **Machines with alerts over time**—shows the number of distinct machines with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
- **Machines with alerts** shows the current number of distinct machines in your organization that have been impacted by the threat. A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine have been resolved.
- **Machines with alerts over time** shows the number of distinct machines with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
### Organizational resilience
Each report also includes cards that provide an overview of how resilient your organization can be against a given threat:
- **Mitigation status**—shows the number of machines that have and have not applied mitigations for the threat. Machines are considered mitigated if they have all the measurable mitigations in place.
- **Vulnerability patching status**—shows the number of machines that have applied security updates or patches that address vulnerabilities exploited by the threat.
- **Mitigation recommendations**—lists specific actionable recommendations to improve your visibility into the threat and increase your organizational resilience. This card lists only measurable mitigations along with the number of machines that don't have these mitigations in place.
- **Mitigation status** shows the number of machines that have and have not applied mitigations for the threat. Machines are considered mitigated if they have all the measurable mitigations in place.
- **Vulnerability patching status** shows the number of machines that have applied security updates or patches that address vulnerabilities exploited by the threat.
- **Mitigation recommendations** lists specific actionable recommendations to improve your visibility into the threat and increase your organizational resilience. This card lists only measurable mitigations along with the number of machines that don't have these mitigations in place.
>[!IMPORTANT]
>- Charts only reflect mitigations that are measurable, meaning an evaluation can be made on whether a machine has applied the mitigations or not. Check the report overview for additional mitigations that are not reflected in the charts.