deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

AH-SEO-optimization

Browse Source 
Legacy files renamed, redirected. Meta desc and keywords enhanced
This commit is contained in:
lomayor 2019-10-08 18:21:28 -07:00
parent 4dcea5448f
commit d37bd86752
28 changed files with 108 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.openpublishing.redirection.json
View File

@ -877,7 +877,7 @@
}, },
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language",
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
@ -887,7 +887,22 @@
}, },
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference",
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
@ -1573,7 +1588,7 @@
}, },
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-hunting", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview",
"redirect_document_id": true "redirect_document_id": true
}, },
{ {

6
windows/security/threat-protection/TOC.md
View File

@ -107,11 +107,11 @@
### [Threat analytics](microsoft-defender-atp/threat-analytics.md) ### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
### [Advanced hunting]() ### [Advanced hunting]()
#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) #### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
#### [Learn the query language](microsoft-defender-atp/advanced-hunting.md) #### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md)
#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md) #### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
#### [Advanced hunting schema reference]() #### [Advanced hunting schema reference]()
##### [Understand the schema](microsoft-defender-atp/advanced-hunting-reference.md) ##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md) ##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md)
##### [FileCreationEvents](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md) ##### [FileCreationEvents](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md)
##### [ImageLoadEvents](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md) ##### [ImageLoadEvents](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The AlertEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. The AlertEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -47,6 +47,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| Table | string | Table that contains the details of the event | | Table | string | Table that contains the details of the event |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
View File

@ -88,6 +88,6 @@ ProcessCreationEvents
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The FileCreationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table. The FileCreationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -73,6 +73,6 @@ For information on other tables in the Advanced hunting schema, see [the Advanc
| IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection | | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The ImageLoadEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. The ImageLoadEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -59,6 +59,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The LogonEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. The LogonEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -67,6 +67,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| IsLocalAdmin | boolean | Boolean indicator of whether the user is a local administrator on the machine | | IsLocalAdmin | boolean | Boolean indicator of whether the user is a local administrator on the machine |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MachineInfo table in the [Advanced hunting](overview-hunting.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table. The MachineInfo table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -48,6 +48,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine | | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MachineNetworkInfo table in the [Advanced hunting](overview-hunting.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table. The MachineNetworkInfo table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -49,6 +49,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local | | IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The miscellaneous events or MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. The miscellaneous events or MiscEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -80,6 +80,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The NetworkCommunicationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table. The NetworkCommunicationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -63,6 +63,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

8
windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
View File

@ -34,8 +34,8 @@ We recommend going through several steps to quickly get up and running with Adva
| Learning goal | Description | Resource | | Learning goal | Description | Resource |
|--|--|--| |--|--|--|
| **Get a feel for the language** | Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/), supporting the same syntax and operators. Start learning the query language by running your first query. | [Query language overview](advanced-hunting.md) | | **Get a feel for the language** | Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/), supporting the same syntax and operators. Start learning the query language by running your first query. | [Query language overview](advanced-hunting-query-language.md) |
| **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-reference.md) | | **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-schema-reference.md) |
| **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) | | **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) |
| **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | [Custom detections overview](overview-custom-detections.md) | | **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | [Custom detections overview](overview-custom-detections.md) |
@ -66,8 +66,8 @@ Refine your query by selecting the "+" or "-" buttons next to the values that yo
Once you apply the filter to modify the query and then run the query, the results are updated accordingly. Once you apply the filter to modify the query and then run the query, the results are updated accordingly.
## Related topics ## Related topics
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Use shared queries](advanced-hunting-shared-queries.md) - [Use shared queries](advanced-hunting-shared-queries.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)
- [Apply query best practices](advanced-hunting-best-practices.md) - [Apply query best practices](advanced-hunting-best-practices.md)
- [Custom detections overview](overview-custom-detections.md) - [Custom detections overview](overview-custom-detections.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The ProcessCreationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table. The ProcessCreationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -71,6 +71,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
View File

@ -25,7 +25,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-reference.md) specifically structured for Advanced hunting. To understand these concepts better, run your first query. Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for Advanced hunting. To understand these concepts better, run your first query.
## Try your first query ## Try your first query
@ -138,6 +138,6 @@ For more information on Kusto query language and supported operators, see [Quer
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)
- [Apply query best practices](advanced-hunting-best-practices.md) - [Apply query best practices](advanced-hunting-best-practices.md)

10
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
View File

@ -26,9 +26,9 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The RegistryEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table. The RegistryEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
@ -61,6 +61,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
View File

@ -27,7 +27,7 @@ ms.date: 10/08/2019
## Schema tables ## Schema tables
The [Advanced hunting](overview-hunting.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema. The [Advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema.
The following reference lists all the tables in the Advanced hunting schema. Each table name links to a page describing the column names for that table. The following reference lists all the tables in the Advanced hunting schema. Each table name links to a page describing the column names for that table.
@ -47,5 +47,5 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | | **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
View File

@ -25,7 +25,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
[Advanced hunting](overview-hunting.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch. [Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch.
![Image of shared queries](images/atp-advanced-hunting-shared-queries.png) ![Image of shared queries](images/atp-advanced-hunting-shared-queries.png)
@ -60,5 +60,5 @@ Microsoft security researchers regularly share Advanced hunting queries in a [de
>Microsoft security researchers also provide Advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the [threat analytics](threat-analytics.md) reports in Microsoft Defender Security Center. >Microsoft security researchers also provide Advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the [threat analytics](threat-analytics.md) reports in Microsoft Defender Security Center.
## Related topics ## Related topics
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting.md) - [Learn the query language](advanced-hunting-query-language.md)

2
windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
View File

@ -45,7 +45,7 @@ For information about configuring attack surface reduction rules, see [Enable at
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios. Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
You can query Microsoft Defender ATP data by using [Advanced hunting](advanced-hunting.md). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to understand how attack surface reduction rules could affect your environment. You can query Microsoft Defender ATP data by using [Advanced hunting](advanced-hunting-query-language.md). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to understand how attack surface reduction rules could affect your environment.
Here is an example query: Here is an example query:

6
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
View File

@ -23,7 +23,7 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
> [!NOTE] > [!NOTE]
> To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. > To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
@ -114,5 +114,5 @@ You can also take the following actions on the rule from this page:
## Related topic ## Related topic
- [Custom detections overview](overview-custom-detections.md) - [Custom detections overview](overview-custom-detections.md)
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the Advanced hunting query language](advanced-hunting.md) - [Learn the Advanced hunting query language](advanced-hunting-query-language.md)

2
windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
View File

@ -112,7 +112,7 @@ Use the test machines to run attack simulations by connecting to them.
If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience. If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
You can also use [Advanced hunting](advanced-hunting.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats. You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
>[!NOTE] >[!NOTE]
>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections. >The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.

2
windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
View File

@ -29,4 +29,4 @@ Topic | Description
[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Microsoft Defender Security Center. [Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Microsoft Defender Security Center.
[Machines list](machines-view-overview.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. [Machines list](machines-view-overview.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts.
[Take response actions](response-actions.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats. [Take response actions](response-actions.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
[Query data using advanced hunting](advanced-hunting.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool. [Query data using advanced hunting](advanced-hunting-query-language.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool.

6
windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
View File

@ -105,11 +105,11 @@
### [Advanced hunting]() ### [Advanced hunting]()
#### [Advanced hunting overview](overview-hunting.md) #### [Advanced hunting overview](advanced-hunting-overview.md)
#### [Query data using Advanced hunting]() #### [Query data using Advanced hunting]()
##### [Data querying basics](advanced-hunting.md) ##### [Data querying basics](advanced-hunting-query-language.md)
##### [Advanced hunting reference](advanced-hunting-reference.md) ##### [Advanced hunting reference](advanced-hunting-schema-reference.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md) ##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
#### [Custom detections]() #### [Custom detections]()

4
windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
View File

@ -25,7 +25,7 @@ ms.topic: conceptual
With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions. With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.
Custom detections work with [Advanced hunting](overview-hunting.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches. Custom detections work with [Advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
Custom detections provide: Custom detections provide:
- Alerts for rule-based detections built from Advanced hunting queries - Alerts for rule-based detections built from Advanced hunting queries
@ -36,4 +36,4 @@ Custom detections provide:
## Related topic ## Related topic
- [Create and manage custom detection rules](custom-detection-rules.md) - [Create and manage custom detection rules](custom-detection-rules.md)
- [Advanced hunting overview](overview-hunting.md) - [Advanced hunting overview](advanced-hunting-overview.md)

2
windows/security/threat-protection/microsoft-defender-atp/overview.md
View File

@ -40,7 +40,7 @@ Topic | Description
[Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. [Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place. [Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand. [Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
[Advanced hunting](overview-hunting.md) | Use a powerful search and query language to create custom queries and detection rules. [Advanced hunting](advanced-hunting-overview.md) | Use a powerful search and query language to create custom queries and detection rules.
[Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows. [Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack. [Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center. [Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center.

4
windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
View File

@ -62,7 +62,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each event hub message in Azure Event Hubs contains list of records. - Each event hub message in Azure Event Hubs contains list of records.
- Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**". - Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md). - For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
## Data types mapping: ## Data types mapping:
@ -83,7 +83,7 @@ To get the data types for event properties do the following:
![Image of event hub resource Id](images/machine-info-datatype-example.png) ![Image of event hub resource Id](images/machine-info-datatype-example.png)
## Related topics ## Related topics
- [Overview of Advanced Hunting](overview-hunting.md) - [Overview of Advanced Hunting](advanced-hunting-overview.md)
- [Microsoft Defender ATP streaming API](raw-data-export.md) - [Microsoft Defender ATP streaming API](raw-data-export.md)
- [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md) - [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)
- [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/) - [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)

4
windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
View File

@ -62,7 +62,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each blob contains multiple rows. - Each blob contains multiple rows.
- Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties". - Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md). - For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
## Data types mapping: ## Data types mapping:
@ -83,7 +83,7 @@ In order to get the data types for our events properties do the following:
![Image of event hub resource ID](images/machine-info-datatype-example.png) ![Image of event hub resource ID](images/machine-info-datatype-example.png)
## Related topics ## Related topics
- [Overview of Advanced Hunting](overview-hunting.md) - [Overview of Advanced Hunting](advanced-hunting-overview.md)
- [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md) - [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md)
- [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md) - [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md)
- [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview) - [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview)

8
windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
View File

@ -27,17 +27,17 @@ ms.topic: article
## Stream Advanced Hunting events to Event Hubs and/or Azure storage account. ## Stream Advanced Hunting events to Event Hubs and/or Azure storage account.
Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](overview-hunting.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/). Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
## In this section ## In this section
Topic | Description Topic | Description
:---|:--- :---|:---
[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to Event Hubs. [Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs.
[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to your Azure storage account. [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account.
## Related topics ## Related topics
- [Overview of Advanced Hunting](overview-hunting.md) - [Overview of Advanced Hunting](advanced-hunting-overview.md)
- [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/) - [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)
- [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview) - [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview)

2
windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
View File

@ -145,5 +145,5 @@ If the 'roles' section in the token does not include the necessary permission:
## Related topic ## Related topic
- [Microsoft Defender ATP APIs](apis-intro.md) - [Microsoft Defender ATP APIs](apis-intro.md)
- [Advanced Hunting from Portal](advanced-hunting.md) - [Advanced Hunting from Portal](advanced-hunting-query-language.md)
- [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)