From 821c2ac0c367f9eba6f3c51bb5b494816c942d8e Mon Sep 17 00:00:00 2001 From: MatiG Date: Mon, 11 Jan 2021 14:31:09 +0200 Subject: [PATCH 1/2] change log level to debug --- .../microsoft-defender-atp/linux-resources.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 3b12f36855..2fc939ef09 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -36,20 +36,23 @@ If you can reproduce a problem, first increase the logging level, run the system 1. Increase logging level: ```bash - mdatp log level set --level verbose + mdatp log level set --level debug ``` + ```Output Log level configured successfully ``` 2. Reproduce the problem. -3. Run the following command to back up Defender for Endpoint's logs. The files will be stored inside of a .zip archive. +3. Run the following command to back up Defender for Endpoint's logs. The files will be stored inside of a .zip archive. ```bash sudo mdatp diagnostic create ``` + This command will also print out the file path to the backup after the operation succeeds: + ```Output Diagnostic file created: ``` @@ -59,6 +62,7 @@ If you can reproduce a problem, first increase the logging level, run the system ```bash mdatp log level set --level info ``` + ```Output Log level configured successfully ``` From f0f90ce9d474af605fc0786ecfab269ce0b6ec63 Mon Sep 17 00:00:00 2001 From: MatiG Date: Mon, 11 Jan 2021 14:45:52 +0200 Subject: [PATCH 2/2] adding edr cli documentation --- .../microsoft-defender-atp/linux-resources.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 2fc939ef09..fa1b975d62 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -128,6 +128,10 @@ The following table lists commands for some of the most common scenarios. Run `m |Quarantine management |Add a file detected as a threat to the quarantine |`mdatp threat quarantine add --id [threat-id]` | |Quarantine management |Remove a file detected as a threat from the quarantine |`mdatp threat quarantine remove --id [threat-id]` | |Quarantine management |Restore a file from the quarantine |`mdatp threat quarantine restore --id [threat-id]` | +|Endpoint Detection and Response |Set early preview (unused) |`mdatp edr early-preview [enable|disable]` | +|Endpoint Detection and Response |Set group-id |`mdatp edr group-ids --group-id [group-id]` | +|Endpoint Detection and Response |Set/Remove tag, only `GROUP` supported |`mdatp edr tag set --name GROUP --value [tag]` | +|Endpoint Detection and Response |list exclusions (root) |`mdatp edr exclusion list [processes|paths|extensions|all]` | ## Microsoft Defender for Endpoint portal information
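Review bot: In the first hunk of PATCH 1/2, the `-`/`+` pair for step 3 ("Run the following command to back up Defender for Endpoint's logs...") reads identically on both sides, so this is a whitespace-only change; confirm it is an intentional trailing-whitespace cleanup and mention it in the commit message, otherwise drop it so the diff only carries the `verbose` to `debug` change and the added blank lines between fences. Since the hunk raises the documented logging level to `debug`, the text around step 1 should also tell the reader that the level is reset to `info` in the later step (as the `@@ -59,6 +62,7 @@` hunk shows), so the more verbose setting is not left enabled after the diagnostic archive has been collected.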
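Review bot: In the PATCH 2/2 hunk, the unescaped `|` characters inside `[enable|disable]` and `[processes|paths|extensions|all]` will be read as column separators in a Markdown table, splitting those rows into extra cells; write them as `\|` (e.g. `mdatp edr early-preview [enable\|disable]`) or spell the alternatives out in prose. The descriptions also need tightening to match the existing rows: "Set early preview (unused)" should say what "unused" means or the row should be dropped; "Set/Remove tag, only `GROUP` supported" documents only the `tag set` form, so either add the remove variant or rename the row to "Set tag"; "list exclusions (root)" should be capitalised like the other rows and state that the command must be run with `sudo`, consistent with the `sudo mdatp diagnostic create` example earlier in the file.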