Other edits

This commit is contained in:
schmurky 2021-02-15 15:25:21 +08:00
parent 4a631f83ae
commit f393a8edd4


@ -25,18 +25,18 @@ ms.technology: mde
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
You can gather more insight about events that occurred in a device by selecting any device from the [Devices list](machines-view-overview.md). This brings you to the individual device's page. On the device page, you can select the **Timeline** tab to view all the events on the device. You can gain more insight in an investigation by analyzing the events that happened on a specific device. First, select the device of interest from the [Devices list](machines-view-overview.md). On the device page, you can select the **Timeline** tab to view all the events that occurred on the device.
## Understand techniques in the timeline ## Understand techniques in the timeline
>[!IMPORTANT] >[!IMPORTANT]
>Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. >Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline that provides more insight on activities associated with certain [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques.
This feature simplifies the investigation experience by helping analysts understand at a glance whether certain activities happened on or affected a device and whether those activities indicate a need for closer investigation. This feature simplifies the investigation experience by helping analysts understand the activities that were observed on a device. Analysts can then decide to investigate further.
For the public preview, Techniques are available by default and are shown together with events when a device's timeline is viewed. For public preview, Techniques are available by default and shown together with events when a device's timeline is viewed.
![Techniques in device timeline screenshot](images/device-timeline-with-techniques.png) ![Techniques in device timeline screenshot](images/device-timeline-with-techniques.png)
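Review bot: the rewritten sentence at the "This feature simplifies the investigation experience" line drops the triage purpose stated in the original ("whether those activities indicate a need for closer investigation") and the "at a glance" framing, so the new text no longer explains what the Techniques data type is for beyond listing observed activity. Suggest keeping that intent in the new wording, for example: "This feature simplifies the investigation experience by helping analysts see at a glance which activities were observed on a device and decide whether they warrant closer investigation." The preceding rewrite of the introductory paragraph ("You can gain more insight in an investigation by analyzing the events ...") reads well and keeps the same meaning.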
@ -61,7 +61,7 @@ You can do the same for command lines.
## Investigate related events ## Investigate related events
Use [advanced hunting](advanced-hunting-overview.md) to find events related to the selected Technique by selecting **Hunt for related events**. This leads to the advanced hunting page with a query to find events related to the Technique. To use [advanced hunting](advanced-hunting-overview.md) to find events related to the selected Technique, select **Hunt for related events**. This leads to the advanced hunting page with a query to find events related to the Technique.
![Hunt for related events](images/techniques-hunt-for-related-events.png) ![Hunt for related events](images/techniques-hunt-for-related-events.png)
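Review bot: the rewritten "Investigate related events" paragraph now says "find events related to the Technique" twice in two adjacent sentences, which the original avoided by putting the action first. Suggest tightening the second sentence so it adds information instead of repeating the first, for example: "This opens the advanced hunting page with a query prepopulated for that Technique." The surrounding context line "You can do the same for command lines." is unchanged and still reads correctly.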