From ee314cd86c1c2b0c0d63b786dd948623c55c2e9d Mon Sep 17 00:00:00 2001 From: Liza Mash Date: Sun, 4 Mar 2018 08:10:26 +0000 Subject: [PATCH] Updated advanced-hunting-windows-defender-advanced-threat-protection.md --- ...ting-windows-defender-advanced-threat-protection.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index 8314c26d31..3b3e1c8ecf 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md 
@@ -86,9 +86,17 @@ The following tables are exposed as part of advanced hunting: The results set has several capabilities to provide you with effective investigation, including: - Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal. -- If you right-click on a cell in the results set, you can add a filter to your written query. The current filtering options are **include** or **exclude**; these cell values are part of the row set. +- If you right-click on a cell in the results set, you can add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides you additional filtering options on the cell value; these cell values are part of the row set. ![Image of Windows Defender ATP advanced hunting results set](images/atp-advanced-hunting-results-set.png) +## Filters on results in advanced hunting +In Advanced Hunting, you have an advanced filter on the output results set of the query - +The filters provide an overview of the result set - +each column has it's own section, which shows the distict values that appear in the column and their prevalence. +you can refine your query based on the filters - +simply click the "+" or "-" buttons on the values you want to include or exclude and click on the **"Run query"** button. +your filter selections will resolve into additional query term and the results will be updated accordingly. + ## Related topics
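Review bot: The added "Filters on results in advanced hunting" section has wording errors that should be fixed before merge: "it's own section" should be "its own section", "distict values" should be "distinct values", and "additional query term" should be plural. The sentences beginning "you can refine your query" and "your filter selections" start in lowercase, and three of the added lines end in a dangling " -"; because the lines are consecutive with no blank line between them, Markdown will join them into a single run-on paragraph with stray hyphens, so end each sentence with a full stop or turn the steps into a list. Add a blank line after the new heading, write "advanced hunting" in the same case as the heading and the rest of the page, and state that this section describes the **advanced filter** option introduced in the changed bullet above, since the section never names that option and the reader has to guess the link. It would also help to say where the "additional query term" appears after clicking **Run query**, so an analyst can see what was added to the query they wrote.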