You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/configure-asset-rules.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Asset rule management - Dynamic rules
3
-
description: You can use Microsoft Defender for Endpoint to configure dynamic tagging
2
+
title: Create dynamic rules for devices in asset rule management
3
+
description: Use asset rule management in Microsoft Defender for Endpoint to configure dynamic tagging for devices.
4
4
ms.service: defender-xdr
5
5
ms.author: deniseb
6
6
author: denisebmsft
@@ -15,7 +15,7 @@ search.appverid: met150
15
15
ms.date: 01/02/2025
16
16
---
17
17
18
-
# Asset rule management - Dynamic rules for devices
18
+
# Create dynamic rules for devices in asset rule management
19
19
20
20
> [!IMPORTANT]
21
21
> Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
Copy file name to clipboardExpand all lines: defender-xdr/configure-email-notifications.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Configure alert notifications in Microsoft Defender XDR
2
+
title: Configure alert notifications
3
3
description: You can use Microsoft Defender for Endpoint to configure email notification settings for security alerts, based on severity and other criteria.
4
4
ms.service: defender-xdr
5
5
ms.author: diannegali
@@ -15,7 +15,7 @@ search.appverid: met150
15
15
ms.date: 07/08/2024
16
16
---
17
17
18
-
# Configure alert notifications in Microsoft Defender XDR
Copy file name to clipboardExpand all lines: defender-xdr/export-incidents-queue.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,6 +27,7 @@ ms.date: 07/11/2022
27
27
28
28
29
29
**Applies to:**
30
+
30
31
- Microsoft Defender XDR
31
32
32
33
The **Export** feature allows you to export the data in the incident queue that is displayed according to the applied filters and time ranges. It's available in the form of a button named **Export**, as displayed in the following screenshot:
@@ -42,7 +43,8 @@ For example, for the data on the CSV file, you can apply filters to view the fol
42
43
- Data regarding who is your most productive analyst.
43
44
44
45
> [!NOTE]
45
-
> The maximum number of records you can export to a CSV file is 10,000.
46
+
> The maximum number of records you can export to a CSV file is 10,000.
46
47
47
48
If you have thoughts or suggestions about the new **Export** feature (the **Export** button) for the incident queue, contact Microsoft team or send your feedback through the Microsoft Defender portal.
Copy file name to clipboardExpand all lines: defender-xdr/incident-queue.md
+13-2Lines changed: 13 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ ms.topic: conceptual
18
18
search.appverid:
19
19
- MOE150
20
20
- MET150
21
-
ms.date: 01/06/2025
21
+
ms.date: 01/10/2025
22
22
appliesto:
23
23
- Microsoft Defender XDR
24
24
- Microsoft Sentinel in the Microsoft Defender portal
@@ -51,6 +51,17 @@ The incident queue has customizable columns that give you visibility into differ
51
51
52
52
:::image type="content" source="/defender/media/incidents-queue/incidents-ss-incidents-3.png" alt-text="Screenshot of Incident page filter and column controls." lightbox="/defender/media/incidents-queue/incidents-ss-incidents-3.png":::
53
53
54
+
The **Export** feature allows you to export the data in the incident queue that is displayed according to the applied filters and time ranges. It's available in the form of a button named **Export**, as displayed in the following screenshot:
55
+
56
+
:::image type="content" source="/defender/media/defender/incidents-queue-with-export-button.png" alt-text="Shows the Export button in the Incidents page of the Microsoft Defender portal":::
57
+
58
+
When you click the **Export** button, the data is exported to a CSV file. You can apply various filters and time ranges to the incidents queue (not just in the context of exporting the data, but in a generic context). When you select **Export**, whichever filters and/or time ranges are applied to the incidents queue, such data is exported to the CSV file.
59
+
60
+
Once you export the incidents queue-related data onto the CSV file, you can analyze the data and filter it further, based on your requirements.
61
+
62
+
> [!NOTE]
63
+
> The maximum number of records you can export to a CSV file is 10,000.
64
+
54
65
### Incident names
55
66
56
67
For more visibility at a glance, Microsoft Defender XDR generates incident names automatically, based on alert attributes such as the number of endpoints affected, users affected, detection sources, or categories. This specific naming allows you to quickly understand the scope of the incident.
@@ -86,7 +97,7 @@ You can do the following actions in the series of cards that appear in Defender
86
97
87
98
To reopen Defender Boxed, go to the Incidents queue and then select **Your Defender Boxed** on the right side of the pane.
88
99
89
-
:::image type="content" source="/defender/media/defender-boxed/defender-boxed-incident-small.png" alt-text="Screenshot of Defender Boxed slide with the save option highlighted." lightbox="/defender/media/defender-boxed/defender-boxed-incident.png":::
100
+
:::image type="content" source="/defender/media/defender-boxed/defender-boxed-incident-small.png" alt-text="Screenshot of the Defender Boxed option highlighted in the Incidents page." lightbox="/defender/media/defender-boxed/defender-boxed-incident.png":::
0 commit comments