Louie Mayor 2020-11-16 16:56:55 -08:00
parent 5ce595ed00
commit eb6e180716
2 changed files with 4 additions and 3 deletions

@ -42,7 +42,7 @@ Most analyst reports include the following sections:
| [Detection details](#understand-how-each-threat-can-be-detected) | Lists specific and generic detections provided by Microsoft security solutions that can surface activity or components associated with the threat. | | [Detection details](#understand-how-each-threat-can-be-detected) | Lists specific and generic detections provided by Microsoft security solutions that can surface activity or components associated with the threat. |
| [Advanced hunting](#find-subtle-threat-artifacts-using-advanced-hunting) | Provides sample [advanced hunting queries](advanced-hunting-overview.md) for proactively identifying possible threat activity. Most queries are provided to supplement detections, especially for locating potentially malicious components or behaviors that couldn't be dynamically assessed to be malicious. | | [Advanced hunting](#find-subtle-threat-artifacts-using-advanced-hunting) | Provides sample [advanced hunting queries](advanced-hunting-overview.md) for proactively identifying possible threat activity. Most queries are provided to supplement detections, especially for locating potentially malicious components or behaviors that couldn't be dynamically assessed to be malicious. |
| References | Lists Microsoft and third-party references reviewed by analysts during the creation of the report. Threat analytics reports are based on data validated by Microsoft researchers. Information from publicly available, third-party source are identified clearly as such. | | References | Lists Microsoft and third-party references reviewed by analysts during the creation of the report. Threat analytics reports are based on data validated by Microsoft researchers. Information from publicly available, third-party source are identified clearly as such. |
| Change log | The times of publication and when significant changes were made to the report. | | Change log | The time the report was published and and when significant changes were made to the report. |
## Apply additional mitigations ## Apply additional mitigations
Threat analytics reports dynamically track the [status of security updates and secure configurations](threat-analytics.md#review-list-of-mitigations-and-the-status-of-your-devices). This information is available as charts and tables under the **Mitigations** tab. Threat analytics reports dynamically track the [status of security updates and secure configurations](threat-analytics.md#review-list-of-mitigations-and-the-status-of-your-devices). This information is available as charts and tables under the **Mitigations** tab.
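Review bot: The new Change log description has a doubled word: "The time the report was published and and when significant changes were made to the report." Drop the second "and". The cell also ends up repeating "the report" twice in one sentence; something like "When the report was published and when significant changes were made to it" reads cleaner and keeps the same meaning. The unchanged References row just above still says "third-party source are identified", so if this row is being touched anyway, "sources" could be fixed in the same pass.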

@ -84,12 +84,13 @@ Each report includes charts that provide an overview of how resilient your organ
### Get expert insight from the analyst report ### Get expert insight from the analyst report
Go to the [**Analyst report** section](threat-analytics-analyst-reports.md) to read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance. Go to the [**Analyst report** section](threat-analytics-analyst-reports.md) to read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance.
![Image of the analyst report section of a threat analytics report](images/ta-analyst-report.png)
_Analyst report section of a threat analytics report_
### Review list of mitigations and the status of your devices ### Review list of mitigations and the status of your devices
In the **Mitigations** section, review the list of specific actionable recommendations that can help you increase your organizational resilience against the threat. The list of tracked mitigations includes recommended settings and vulnerability patches. It also shows the number of devices that don't have these mitigations in place. In the **Mitigations** section, review the list of specific actionable recommendations that can help you increase your organizational resilience against the threat. The list of tracked mitigations includes recommended settings and vulnerability patches. It also shows the number of devices that don't have these mitigations in place.
This section currently supports dynamically tracking the following mitigations:
-
Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report. Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report.
![Image of the mitigations section of a threat analytics report](images/ta-mitigations.png) ![Image of the mitigations section of a threat analytics report](images/ta-mitigations.png)
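Review bot: In the Mitigations section, the line "This section currently supports dynamically tracking the following mitigations:" is followed by a bare "-" with no item text, so the page would render an empty bullet after a sentence that promises a list. Either fill in the tracked mitigation types before merging or hold the sentence back until the list is ready. The sentence also sits between the paragraph that introduces tracked mitigations and the paragraph about threat and vulnerability management data without a blank line on either side, which in Markdown can merge it into the neighboring paragraph; separating it with blank lines would keep the list rendering as a list.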