defender-xdr/advanced-hunting-query-results.md
Lines changed: 4 additions & 4 deletions
@@ -203,7 +203,7 @@ By default, a timeline appears above the advanced hunting results that displays
203
203
204
204
You can select whether or not the timeline is displayed by default in the **Chart preferences** settings.
205
205
206
-
:::image type="content" source="/defender/media/advanced-hunting-chart-preferences.png" alt-text="Screenshot of the Page preferences settings in advanced hunting." lightbox="/defender/media/advanced-hunting-chart-preferences.png":::
206
+
:::image type="content" source="./media/advanced-hunting-query-results/advanced-hunting-chart-preferences.png" alt-text="Screenshot of the Page preferences settings in advanced hunting." lightbox="./media/advanced-hunting-query-results/advanced-hunting-chart-preferences.png":::
207
207
208
208
The timeline automatically adjusts its resolution based on the range of results.
209
209
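Review bot: The alt-text on the changed image line still reads "Screenshot of the Page preferences settings in advanced hunting", while the sentence directly above it and the image file name both refer to **Chart preferences**. Since this line is being edited anyway, align the alt-text with the setting name used in the prose so that screen-reader users get the same label as the surrounding text.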
@@ -215,7 +215,7 @@ Select any point on the timeline to filter both the results and the timeline to
215
215
216
216
The following screenshot shows the results of a query that returns 1,000 email events. The timeline is unfiltered, so it displays the full range of results with a timestamp for each day. Select a day or range of days to filter the results for that time period.
217
217
218
-
:::image type="content" source="/defender/media/advanced-hunting-unfiltered-results.png" alt-text="Screenshot of an advanced hunting query of 1,000 email events with all the results unfiltered." lightbox="/defender/media/advanced-hunting-unfiltered-results.png":::
218
+
:::image type="content" source="./media/advanced-hunting-query-results/advanced-hunting-unfiltered-results.png" alt-text="Screenshot of an advanced hunting query of 1,000 email events with all the results unfiltered." lightbox="./media/advanced-hunting-query-results/advanced-hunting-unfiltered-results.png":::
219
219
220
220
#### [Filtered timeline](#tab/filtered)
221
221
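Review bot: The trailing context of this hunk opens the `Filtered timeline` tab, but no hunk in this diff changes an image under that tab; the next hunk starts at line 233 with the ungrouped timeline. If the filtered tab's image still uses a `/defender/media/...` source, update it in the same change so every image in this article resolves from `./media/advanced-hunting-query-results/`.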
@@ -233,13 +233,13 @@ You can split the results in the timeline by any column that has at least two bu
233
233
234
234
The following screenshot shows the results of a query that returns 1,000 email events. The timeline is ungrouped, so it displays all the results in a single line.
235
235
236
-
:::image type="content" source="/defender/media/advanced-hunting-ungrouped.png" alt-text="Screenshot of an advanced hunting query of 1,000 email events with the results all together in one line." lightbox="/defender/media/advanced-hunting-ungrouped.png":::
236
+
:::image type="content" source="./media/advanced-hunting-query-results/advanced-hunting-ungrouped.png" alt-text="Screenshot of an advanced hunting query of 1,000 email events with the results all together in one line." lightbox="./media/advanced-hunting-query-results/advanced-hunting-ungrouped.png":::
237
237
238
238
#### [Grouped timeline](#tab/grouped)
239
239
240
240
The following screenshot shows the results grouped by last email action with a separate line for each action.
241
241
242
-
:::image type="content" source="/defender/media/advanced-hunting-grouped.png" alt-text="Screenshot of an advanced hunting query of 1,000 email events with the results grouped by last email action." lightbox="/defender/media/advanced-hunting-grouped.png":::
242
+
:::image type="content" source="./media/advanced-hunting-query-results/advanced-hunting-grouped.png" alt-text="Screenshot of an advanced hunting query of 1,000 email events with the results grouped by last email action." lightbox="./media/advanced-hunting-query-results/advanced-hunting-grouped.png":::
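Review bot: Nothing in the visible diff adds or moves the PNG files that the new `source` and `lightbox` paths on the two changed lines in this hunk point to. Confirm that `advanced-hunting-ungrouped.png` and `advanced-hunting-grouped.png` exist under `defender-xdr/media/advanced-hunting-query-results/` in this commit, since the paths are now relative to the markdown file instead of the site root and a missing file would leave both tabs with broken images.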