deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 21:33:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

WTP updates

Browse Source
This commit is contained in:
lomayor
2019-08-19 17:33:57 -07:00
parent debe85e2e0
commit dc5e5f2e92
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/microsoft-defender-atp/web-threat-protection-monitoring.md
View File

@ -22,13 +22,13 @@ ms.date: 08/30/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
Web threat protection lets you monitor your organizations web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains the following cards that provide blocking statistics from web threat protection:
Web threat protection lets you monitor your organizations web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains the following cards that provide detection statistics from web threat protection:
- **Web threat protection blocks over time** — this trending card displays the number of web threats blocked by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)
- **Web threat protection detections over time** — this trending card displays the number of web threats detected by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)
![Image of the card showing web threats protection blocks over time](images/wtp-blocks-over-time.png)
![Image of the card showing web threats protection detections over time](images/wtp-blocks-over-time.png)
- **Web threat protection summary** — this card displays the total web threat protection blocks in the past 30 days, showing distribution across the different types of web threats. Clicking a slice opens the list of the domains that were blocked.
- **Web threat protection summary** — this card displays the total web threat protection detections in the past 30 days, showing distribution across the different types of web threats. Clicking a slice opens the list of the domains that were found with malicious or unwanted websites.
![Image of the card showing web threats protection summary](images/wtp-summary.png)
@ -42,10 +42,10 @@ Web threat protection categorizes malicious and unwanted websites as:
- **Custom indicator** — websites whose URLs or domains you've added to your [custom indicator list](manage-indicators.md) for blocking
## View the domain list
Clicking on a specific web threat category in the **Web threat protection summary** card opens the **Domains** page, which shows a list of the blocked domains prefiltered under that threat category. The page provides the following information for each domain:
Clicking on a specific web threat category in the **Web threat protection summary** card opens the **Domains** page, which shows a list of the domains prefiltered under that threat category. The page provides the following information for each domain:
- **Access count** — number of requests for URLs in the domain
- **Blocks** — number of times requests are blocked
- **Blocks** — number of times requests were blocked
- **Access trend** — change in number of access attempts
- **Threat category** — type of web threat
- **Machines** — number of machines with access attempts

2
windows/security/threat-protection/microsoft-defender-atp/web-threat-protection-response.md
View File

@ -26,7 +26,7 @@ Web threat protection in Microsoft Defender APT lets you efficiently investigate
## View web threat alerts
Microsoft Defender ATP generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity:
- **Suspicious connection blocked by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is *stopped* by network protection in *'*block* mode
- **Suspicious connection blocked by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is *stopped* by network protection in *block* mode
- **Suspicious connection detected by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is detected by network protection in *audit only* mode
Each alert provides the following information: