update description of example in adv hunting

This commit is contained in:
Joey Caparas
2018-08-15 10:56:46 -07:00
parent b6e909a63a
commit bf80ebe1a1

View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 06/13/2018
ms.date: 08/15/2018
---
# Query data using Advanced hunting in Windows Defender ATP
@ -51,7 +51,8 @@ First, we define a time filter to review only records from the previous seven da
We then add a filter on the _FileName_ to contain only instances of _powershell.exe_.
Afterwards, we add a filter on the _ProcessCommandLine_
Afterwards, we add a filter on the _ProcessCommandLine_.
Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
You have the option of expanding the screen view so you can focus on your hunting query and related results.