update description of example in adv hunting

This commit is contained in:
Joey Caparas
2018-08-15 10:56:46 -07:00
parent b6e909a63a
commit bf80ebe1a1

View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara ms.author: macapara
author: mjcaparas author: mjcaparas
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 06/13/2018 ms.date: 08/15/2018
--- ---
# Query data using Advanced hunting in Windows Defender ATP # Query data using Advanced hunting in Windows Defender ATP
@ -51,7 +51,8 @@ First, we define a time filter to review only records from the previous seven da
We then add a filter on the _FileName_ to contain only instances of _powershell.exe_. We then add a filter on the _FileName_ to contain only instances of _powershell.exe_.
Afterwards, we add a filter on the _ProcessCommandLine_ Afterwards, we add a filter on the _ProcessCommandLine_.
Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**. Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
You have the option of expanding the screen view so you can focus on your hunting query and related results. You have the option of expanding the screen view so you can focus on your hunting query and related results.