Have you ever investigated files in Microsoft Defender for Endpoint? We now make it even easier with our recent announcement of enhancements to the File page and side panel. Users can now streamline processes by having a more efficient navigation experience that hosts all this information in one place.
Pivot to first and last seen devices With a single click from the Overview tab, you can pivot to the first and last observations of the file on devices in the last 30 days. The first occurrence of the file on the device is typically quite important for establishing the timeframe and origin of how the file got there.
Determine if the file is in your indicators list If the file is in the custom indicators list, a red banner will be displayed, so you can easily spot malicious files that were already handled.
See PE metadata of the file When PE metadata is available for this file, it will be shown in the file summary, providing better indication of its origins.
See related incidents in the alerts view
A new “Incidents” column now shows the incident in which the alert is part of, so you can pivot to the incident directly.
Approve pending actions and see the action history
The new Action center tab is a filtered view of the global action center with pending actions and history of actions taken on the file.
Approve pending actions and see actions history for a specific file
With these new features, you can now more easily investigate files, pivot to the most important related devices, take and audit actions on a file, all from the file page. Have you tried working with the enhanced file page and side panel just yet? If not, give it a try today! If you have, we would love to hear what you think!