Merge branch 'master' into api-limit

Gary Moore 2020-07-27 15:33:13 -07:00 committed by GitHub
commit f1444caf47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 7 deletions

@ -158,4 +158,7 @@ When you click on the pending actions link, you'll be taken to the Action center
## Next steps ## Next steps
[View and approve remediation actions](manage-auto-investigation.md) - [View and approve remediation actions](manage-auto-investigation.md)
- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)

@ -82,10 +82,12 @@ The default device group is configured for semi-automatic remediation. This mean
When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation. When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
## Next step ## Next steps
- [Learn about the automated investigations dashboard](manage-auto-investigation.md) - [Learn about the automated investigations dashboard](manage-auto-investigation.md)
- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
## Related articles ## Related articles
- [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)

@ -24,7 +24,7 @@ ms.topic: article
## API description ## API description
Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud on the last 30 days. Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud.
<br>Supports [OData V4 queries](https://www.odata.org/documentation/). <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`. <br>The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
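Review bot: In the API description line, dropping "on the last 30 days" leaves the documented result set without any stated bound, so a reader can no longer tell whether the endpoint returns every device that has ever reported or only recently active ones. If the 30-day window no longer applies, state whichever bound now does, or point readers to the `lastSeen` field already listed under `$filter` so they can bound results themselves; stale-device inventory and offboarding checks depend on knowing this.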
@ -51,6 +51,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information) >- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
```http ```http
GET https://api.securitycenter.windows.com/api/machines GET https://api.securitycenter.windows.com/api/machines
``` ```
@ -77,6 +78,7 @@ Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
GET https://api.securitycenter.windows.com/api/machines GET https://api.securitycenter.windows.com/api/machines
``` ```
@ -85,7 +87,6 @@ GET https://api.securitycenter.windows.com/api/machines
Here is an example of the response. Here is an example of the response.
```http ```http
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json

@ -63,6 +63,8 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and
## Next steps ## Next steps
- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
- [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center)
- [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response) - [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response)
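Review bot: The new interactive-guide bullet is inserted first in this Next steps list, whereas the same bullet in the two earlier files of this commit is appended after the existing link. Pick one position and use it in all three files so the lists read consistently.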

@ -100,11 +100,11 @@ You can view the overall number of automated investigations from the last 30 day
## Automated investigations statistics ## Automated investigations statistics
This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. This tile shows statistics related to automated investigations in the last seven days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation.
![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png) ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png)
You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. You can click on **Automated investigations**, **Remediated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context.
## Users at risk ## Users at risk
The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts. The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts.
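Review bot: The statistics-tile sentence changes the reporting window from "last 30 days" to "last seven days", while the hunk header context for the preceding tile still reads "from the last 30 day"; confirm both windows against the portal so the page does not describe adjacent tiles with different periods unintentionally. The "Remidated" to "Remediated" correction in the same hunk is fine as is.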