deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update threat analytics and mssp content

Browse Source
This commit is contained in:
Joey Caparas
2018-08-30 15:25:33 -07:00
parent c0e999a792
commit cb4ed81726
3 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
View File

@ -28,9 +28,8 @@ Security is recognized as a key component in running an enterprise, however some
To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Windows Defender ATP. To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Windows Defender ATP.
Windows Defender ATP adds support for this scenario by providing MSSP integration. Windows Defender ATP adds support for this scenario and to allow MSSPs to take the following actions:
The integration will allow MSSPs to take the following actions:
- Get access to MSSP customer's Windows Defender Security Center portal - Get access to MSSP customer's Windows Defender Security Center portal
- Get email notifications, and - Get email notifications, and
- Fetch alerts through security information and event management (SIEM) tools - Fetch alerts through security information and event management (SIEM) tools

2
windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
View File

@ -39,7 +39,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea
The following features are included in the preview release: The following features are included in the preview release:
- [Threat analytics](threat-analytics.md)<br> - [Threat analytics](threat-analytics.md)<br>
Threat analytics helps security operations teams continually assess their environment for emerging threats and outbreaks within minutes and take actions to contain and increase organizational resilience. Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
- [Custom detection](overview-custom-detections.md)<br> - [Custom detection](overview-custom-detections.md)<br>
With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules.

12
windows/security/threat-protection/windows-defender-atp/threat-analytics.md
View File

@ -21,12 +21,12 @@ ms.date: 09/03/2018
Cyber threats are emerging more frequently and prevalently. It is critical for enterprises to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats. Cyber threats are emerging more frequently and prevalently. It is critical for enterprises to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats.
Threat analytics helps security operations teams continually assess their environment for emerging threats and outbreaks within minutes and take actions to contain and increase organizational resilience. Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
>[!NOTE] >[!NOTE]
>Threat analytics requires all Windows Defender ATP components to be running, including Next generation protection and Attack surface reduction. >Threat analytics requires all Windows Defender ATP components to be running, including Next generation protection and Attack surface reduction.
Microsoft security teams continuously updates Windows Defender ATP Threat analytics with data on identified emerging threats.
Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat. Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat.
@ -40,10 +40,16 @@ The dashboard shows the impact in your organization through the following tiles:
![Image of a threat analytics report](images/ta.png) ![Image of a threat analytics report](images/ta.png)
## Organizational impact ## Organizational impact
You can assess the organizational impact of a threat using the Machines with alerts and Machines with alerts over time tiles. You can assess the organizational impact of a threat using the **Machines with alerts** and **Machines with alerts over time** tiles.
The **Machine with alerts** shows the specific number of **Active alerts** and **Resolved alerts**. Clicking on the **Active** or **Resolved** parts of the pies brings you to the Alerts queue filtered based on the specific threat alerts so security operations teams can investigate and respond to contain this threat. The **Machine with alerts** shows the specific number of **Active alerts** and **Resolved alerts**. Clicking on the **Active** or **Resolved** parts of the pies brings you to the Alerts queue filtered based on the specific threat alerts so security operations teams can investigate and respond to contain this threat.
The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. An indication of threat containment is reflected by the number of **Resolved alerts**. Total number of Resolved alerts increasing over time is a good indication of threat containment. The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. An indication of threat containment is reflected by the number of **Resolved alerts**. Total number of Resolved alerts increasing over time is a good indication of threat containment.