add filters

schmurky · schmurky · commit 671e77e9e848 · 2024-08-02T20:50:31.000+01:00
diff --git a/defender-xdr/advanced-hunting-query-results.md b/defender-xdr/advanced-hunting-query-results.md
@@ -113,12 +113,26 @@ After running a query, select **Export** to save the results to local file. Your
 
 ## Filter results
 
-After running a query, select **Filter** to narrow down the results to specific 
+After running a query, select **Filter** to narrow down the results. 
 
 :::image type="content" source="/defender/media/add-filter1.png" alt-text="Screenshot of filters in advanced hunting." lightbox="/defender/media/add-filter1.png":::
 
+To add a filter, select the data you want to filter for by selecting one or more of the check boxes. Then select **Add**.
+
 :::image type="content" source="/defender/media/add-filter2.png" alt-text="Screenshot of filters dropdown in advanced hunting." lightbox="/defender/media/add-filter2.png":::
 
+You can narrow the results down even further to specific data by selecting the newly added filter. 
+
+:::image type="content" source="/defender/media/add-filter3.png" alt-text="Screenshot of new filter pill in advanced hunting." lightbox="/defender/media/add-filter3.png":::
+
+This opens a dropdown showing the possible filters you can use further. Select one or more of the check boxes, then select **Apply**.
+
+:::image type="content" source="/defender/media/add-filter4.png" alt-text="Screenshot of new filter's dropdown in advanced hunting." lightbox="/defender/media/add-filter4.png":::
+
+Confirm that you have added the filters that you wanted by checking the Filters section. 
+
+:::image type="content" source="/defender/media/add-filter5.png" alt-text="Screenshot of filters added advanced hunting." lightbox="/defender/media/add-filter5.png":::
+
 ## Drill down from query results
 
 You can also explore the results in-line with the following features:
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -54,7 +54,7 @@ You can also get product updates and important notifications through the [messag
 
 - (GA) You can now **release or move email messages from quarantine** back to the user's inbox directly from [Take actions in advanced hunting](advanced-hunting-take-action.md#take-various-actions-on-emails) and in [custom detections](custom-detection-rules.md#actions-on-emails). This allows security operators to manage false positives more efficiently and without losing context. 
 
-
+- (GA) You can now **[filter your results](advanced-hunting-query-results.md#filter-results)** in advanced hunting so you can zoom in on your
 
 ## June 2024
 
