From bf80ebe1a102beac7c8894442becbef46a8ddaf2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 15 Aug 2018 10:56:46 -0700 Subject: [PATCH] update description of example in adv hunting --- ...ed-hunting-windows-defender-advanced-threat-protection.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index 538e981c02..315a0b021a 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 06/13/2018 +ms.date: 08/15/2018 --- # Query data using Advanced hunting in Windows Defender ATP @@ -51,7 +51,8 @@ First, we define a time filter to review only records from the previous seven da We then add a filter on the _FileName_ to contain only instances of _powershell.exe_. -Afterwards, we add a filter on the _ProcessCommandLine_ +Afterwards, we add a filter on the _ProcessCommandLine_. + Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**. You have the option of expanding the screen view so you can focus on your hunting query and related results.