update file topic with images

This commit is contained in:
jcaparas 2017-02-13 17:21:18 -08:00
parent 41afe10e02
commit ac4876f5f3
5 changed files with 14 additions and 4 deletions


@ -190,7 +190,7 @@ Authorization: Bearer <access_token>
Accept: application/json;odata.metadata=none
```
If successful, you should get a 200 OK response containing a single indicator of compromise representation (per the specified Id) in the payload, as shown as follows:
If successful, you should get a 200 OK response containing a single indicator of compromise representation (per the specified ID) in the payload, as shown as follows:
```json
HTTP/1.1 200 OK
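Review bot: the Id → ID change on this line is prose-only, so confirm that the property name inside the ```json response body that follows (the `HTTP/1.1 200 OK` block) is left exactly as the API returns it; JSON field names are case-sensitive identifiers, and only the descriptive text ("per the specified ID") should be normalized to the documentation's capitalization style.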
@ -281,7 +281,7 @@ Accept: application/json;odata.metadata=none
}
```
If successful, you should get a 200 OK response containing the updated alert definition representation (per the specified Id) in the payload.
If successful, you should get a 200 OK response containing the updated alert definition representation (per the specified ID) in the payload.
## Update the association (relation) between an indicator of compromise to a different alert definition
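Review bot: the same Id → ID normalization is applied here, but the commit touches only two occurrences; grep the topic for any remaining "Id" in prose so the capitalization is consistent in one change rather than spread across commits. While here, the unchanged heading "Update the association (relation) between an indicator of compromise to a different alert definition" should read "between an indicator of compromise and a different alert definition".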

Binary file not shown (image added, 129 KiB).

Binary file not shown (image added, 63 KiB).

Binary file not shown (image added, 74 KiB).


@ -33,13 +33,23 @@ You can get information from the following sections in the file view:
- Most recent observed machines with file
The file details, malware detection, and prevalence worldwide sections display various attributes about the file. Youll see actions you can take on the file and details such as the files MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the files prevalence worldwide.
The file details, malware detection, and prevalence worldwide sections display various attributes about the file. Youll see actions you can take on the file and details such as the files MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the files prevalence worldwide. You'll also be able to [submit a file for deep analysis](investigate-files-windows-defender-advanced-threat-protection.md#deep-analysis).
![Image of file information](images/atp-file-information.png)
The **Alerts related to this file** section provides a list of alerts that are associated with the file. This list is a simplified version of the Alerts queue, and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
![Image of alerts related to the file section](images/atp-alerts-related-to-file.png)
The **File in organization** section provides details on the prevalence of the file, prevalence in email inboxes and the name observed in the organization.
The **Most recent observed machines with the file** section allows you to specify a date range to see which machines have been observed with the file. This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if youre trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
![Image of file in organization](images/atp-file-in-org.png)
The **Most recent observed machines with the file** section allows you to specify a date range to see which machines have been observed with the file.
![Image of most recent observed machine with the file](images/atp-observed-machines.png)
This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if youre trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
## Stop and quarantine files in your network
You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed.
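Review bot: the example sentence carried over into the new paragraph after the observed-machines image ("see only files that communicated with that IP Address at that time") does not match the section it now sits under; the **Most recent observed machines with the file** section filters machines by date range, not files by IP address, so the example should describe narrowing the list of machines that were observed with the file in the chosen interval, or be dropped. Two smaller points in the same hunk: the added sentence "You'll also be able to [submit a file for deep analysis](...)" is a good addition, but the surrounding lines still have the apostrophes stripped ("Youll", "files MD5", "files prevalence"), which this rewrite of the paragraph could fix at the same time; and the unchanged context line "stopping the malicious process and quarantine the file" should read "quarantining the file" for parallel structure.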