defender-xdr/advanced-hunting-query-results.md
Lines changed: 2 additions & 4 deletions
@@ -36,7 +36,7 @@ While you can construct your [advanced hunting](advanced-hunting-overview.md) qu
36
36
-[Export tables and charts](#export-tables-and-charts)
37
37
-[Drill down to detailed entity information](#drill-down-from-query-results)
38
38
-[Tweak your queries directly from the results](#tweak-your-queries-from-the-results)
39
-
-[View timeline of events](#automatic-timeline-rendering)
39
+
-[View timeline of events](#automatic-timeline-rendering-preview)
40
40
41
41
## View query results as a table or chart
42
42
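Review bot: The new fragment `#automatic-timeline-rendering-preview` on the "View timeline of events" bullet only resolves if the target heading generates that anchor, and the heading line itself is not part of this diff. Please confirm the section heading in the current file ends in "(preview)" or equivalent; if it does not, this in-page link is broken. The link text also does not tell the reader the feature is in preview, so consider adding that to the bullet for consistency with the anchor.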
@@ -110,7 +110,6 @@ The line chart below clearly highlights time periods with more activity involvin
110
110
111
111
:::image type="content" source="/defender/media/line-chart-a.png" alt-text="The line chart that displays advanced hunting results in the Microsoft Defender portal" lightbox="/defender/media/line-chart-a.png":::
112
112
113
-
114
113
## Export tables and charts
115
114
116
115
After running a query, select **Export** to save the results to local file. Your chosen view determines how the results are exported:
@@ -158,7 +157,6 @@ Furthermore, for JSON and array fields, you can right-click and update the exist
158
157
159
158
:::image type="content" source="/defender/media/advanced-hunting-query-results-json-right.png" alt-text="Screenshot of options upon right-clicking an option for JSON and array fields" lightbox="/defender/media/advanced-hunting-query-results-json-right.png":::
160
159
161
-
162
160
To quickly inspect a record in your query results, select the corresponding row to open the **Inspect record** panel. The panel provides the following information based on the selected record:
163
161
164
162
-**Assets**—Summarized view of the main assets (mailboxes, devices, and users) found in the record, enriched with available information, such as risk and exposure levels
@@ -201,7 +199,7 @@ You can do the same for your saved functions, queries, and custom detections in
201
199
202
200
By default, a timeline appears above the advanced hunting results that displays event counts over time. The timeline is automatically rendered based on the `Timestamp` or `timeGenerated` column in the query results. It automatically updates when you apply filters and can help you quickly identify abnormal behavior and trends and focus on interesting results.
203
201
204
-
:::image type="content" source="/defender/media/advanced-hunting-query-results-timeline.png" alt-text="Screenshot of the timeline above the query results in advanced hunting." lightbox="/defender/media/advanced-hunting-query-results-timeline.png":::
202
+
:::image type="content" source="./media/advanced-hunting-query-results/advanced-hunting-query-results-timeline.png" alt-text="Screenshot of the timeline above the query results in advanced hunting." lightbox="./media/advanced-hunting-query-results/advanced-hunting-query-results-timeline.png":::
205
203
206
204
You can select whether or not the timeline is displayed by default in the **Chart preferences** settings.
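Review bot: The timeline image at new line 202 switches to a relative path (`./media/advanced-hunting-query-results/...`) while the other images visible in this commit (`line-chart-a.png` and `advanced-hunting-query-results-json-right.png`) still use the absolute `/defender/media/` path. Please confirm the PNG exists at the new location, since both `source` and `lightbox` now depend on it, and either migrate the other images in this file or note why only this one moved, so the file keeps one path convention.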