We are excited to announce that today we’ve opened a set of new preview features for Windows Defender ATP community members.
We invite you to try these new features in the Windows Defender ATP portal today. Make sure “Preview features” are enabled in settings.
New features include:
Advanced Hunting: New, powerful query-based search is designed to unleash the hunter in you. With advanced hunting, you can proactively hunt and investigate across all your organization’s data. For example, you can query process creation, network communication, and many other event types. Items in your query results, such as machine and file names, include direct links into the relevant sections of our portal, consolidating advanced hunting with your existing investigation experience. To help you get started, we added a set of query examples that you can check out here. Here’s a query to start with:
print a = '🤖🎃😀🦓🙏🐾🌫🐨😜🌤🔬'
| extend a=extractall('(.)', a)
| mvexpand a
| extend a=substring(base64_encodestring(strcat('abracadabra', a)), 19)
| summarize Message=replace(@'[+]', ' ', replace(@'[[",\]]', "", tostring(makelist(a))))
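The following Python walk-through is an added example, not part of the original post. It mirrors each stage of the query above so you can see what it computes before running it in your own tenant. It assumes the emoji shortcodes and the `;p` emoticon in the query text stand for the single emoji characters they name; the function names are hypothetical.

```python
import base64
import json
import re

# Emoji from the query as code points. Assumption: the ':name:' shortcodes and
# the ';p' emoticon in the page's text stand for these single characters.
EMOJI = ("\U0001F916\U0001F383\U0001F600\U0001F993\U0001F64F\U0001F43E"
         "\U0001F32B\U0001F428\U0001F61C\U0001F324\U0001F52C")

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def tail(ch, prefix="abracadabra", start=19):
    """substring(base64_encodestring(strcat(prefix, ch)), start)"""
    encoded = base64.b64encode((prefix + ch).encode("utf-8")).decode("ascii")
    return encoded[start:]


def run_query(text):
    """Mirror the five query stages and return the Message column."""
    chars = re.findall(r"(.)", text, flags=re.S)       # extractall + mvexpand
    tails = [tail(c) for c in chars]                   # extend a=substring(...)
    listed = json.dumps(tails, separators=(",", ":"))  # tostring(makelist(a))
    stripped = re.sub(r'[\[",\]]', "", listed)         # inner replace
    return re.sub(r"[+]", " ", stripped)               # outer replace


def low_six_bits(ch):
    """Why it works: 11 prefix bytes + a 4-byte UTF-8 character make 15 bytes,
    exactly 20 base64 characters, so offset 19 is the last one and it encodes
    the low six bits of the code point."""
    return B64[ord(ch) & 0x3F]


if __name__ == "__main__":
    print(run_query(EMOJI))
    for ch in EMOJI:
        print(f"U+{ord(ch):05X} -> {low_six_bits(ch)!r}")
```

A one-byte character such as `;` or `p` produces only 16 base64 characters, so offset 19 is empty and that position drops out of the message.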
The new features released today continue our investments in making Windows Defender ATP a unified platform for endpoint security and the most advanced and complete endpoint protection service.
For a more up-to-date version of the documentation, see the Windows Defender ATP docs library.
Windows Defender ATP Team