mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-25 23:33:35 +00:00
---
title: Overview of endpoint detection and response capabilities
description: Learn about the endpoint detection and response capabilities in Windows Defender ATP
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/03/2018
---
# Overview of endpoint detection and response
Applies to:
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
The endpoint detection and response capabilities in Windows Defender ATP continuously monitor your organization for possible attacks against its systems, networks, or users. They help you detect, investigate, and quickly respond to threats.
The detection capability finds the attacks that made it past all other defenses and surfaces them through alerts.
The platform provides various ways for you to investigate an incident and lets you pivot between views so you can approach an investigation from multiple possible vectors.
The response capabilities give you the power to promptly remediate threats by taking action on the affected entities.
## In this section
Topic | Description |
---|---|
Security operations dashboard | This is where the endpoint detection and response capabilities are surfaced. It provides a high-level overview of where detections were seen and highlights where response actions are needed. |
Alerts queue | This dashboard shows all the alerts that were seen on machines. Learn how to view and organize the queue, and how to manage and investigate alerts. |
Machines list | Shows a list of machines where alerts have been generated. Learn how to investigate machines, how to search for specific events in a timeline, and more. |
Take response actions | Learn about the available response actions and how to apply them on machines and files. |