diff --git a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md index 8decb6655b..b4ba69661f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md @@ -25,18 +25,18 @@ ms.technology: mde - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -You can gather more insight about events that occurred in a device by selecting any device from the [Devices list](machines-view-overview.md). This brings you to the individual device's page. On the device page, you can select the **Timeline** tab to view all the events on the device. +You can gain more insight in an investigation by analyzing the events that happened on a specific device. First, select the device of interest from the [Devices list](machines-view-overview.md). On the device page, you can select the **Timeline** tab to view all the events that occurred on the device. ## Understand techniques in the timeline >[!IMPORTANT] >Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline that provides more insight on activities associated with certain [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. +In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. -This feature simplifies the investigation experience by helping analysts understand at a glance whether certain activities happened on or affected a device and whether those activities indicate a need for closer investigation. +This feature simplifies the investigation experience by helping analysts understand the activities that were observed on a device. Analysts can then decide to investigate further. -For the public preview, Techniques are available by default and are shown together with events when a device's timeline is viewed. +For public preview, Techniques are available by default and shown together with events when a device's timeline is viewed. ![Techniques in device timeline screenshot](images/device-timeline-with-techniques.png) @@ -61,7 +61,7 @@ You can do the same for command lines. ## Investigate related events -Use [advanced hunting](advanced-hunting-overview.md) to find events related to the selected Technique by selecting **Hunt for related events**. This leads to the advanced hunting page with a query to find events related to the Technique. +To use [advanced hunting](advanced-hunting-overview.md) to find events related to the selected Technique, select **Hunt for related events**. This leads to the advanced hunting page with a query to find events related to the Technique. ![Hunt for related events](images/techniques-hunt-for-related-events.png)