deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

change to indicators

Browse Source
This commit is contained in:
Joey Caparas
2019-03-22 15:00:46 -07:00
parent 9a814c75d0
commit fb17b6a08a
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md
View File

@ -27,21 +27,21 @@ ms.topic: article
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Create rules to define the detection, prevention, and exclusion of entities based on indicators. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
On the top navigation you can:
- Import a list
- Add an indicator rule
- Add an indicator
- Customize columns to add or remove columns
- Export the entire list in CSV format
- Select the items to show per page
- Navigate between pages
- Apply filters
## Create a rule
## Create an indicator
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.
2. Select the tab of the type of entity you'd like to create a rule for. You can choose any of the following entities:
2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities:
- File hash
- IP address
- URLs/Domains
@ -55,14 +55,14 @@ On the top navigation you can:
5. Review the details in the Summary tab, then click **Save**.
## Manage a rule
## Manage indicators
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.
2. Select the tab of the entity type you'd like to manage.
3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list.
3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list.
## Import a rule list
## Import a list
You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details.
Download the sample CSV to know the supported column attributes.