Merge pull request #3808 from MicrosoftDocs/main

Ruchika-mittal01 · web-flow · commit b259a7bb1b78 · 2025-05-16T23:06:43.000+05:30
[AutoPublish] main to live - 05/16 10:30 PDT | 05/16 23:00 IST
diff --git a/defender-xdr/advanced-hunting-overview.md b/defender-xdr/advanced-hunting-overview.md
@@ -65,8 +65,13 @@ Also, your access to endpoint data is determined by role-based access control (R
 ## Data freshness and update frequency
 Advanced hunting data can be categorized into two distinct types, each consolidated differently.
 
-- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to the corresponding cloud services. For example, you can query event data from healthy sensors on workstations or domain controllers almost immediately after they are available on Microsoft Defender for Endpoint and Microsoft Defender for Identity.
-- **Entity data**—populates tables with information about users and devices. This data comes from both relatively static data sources and dynamic sources, such as Active Directory entries and event logs. To provide fresh data, tables are updated with any new information every 15 minutes, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity.
+### **Event or activity data**
+Event or activity data populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to the corresponding cloud services. For example, you can query event data from healthy sensors on workstations or domain controllers almost immediately after they are available on Microsoft Defender for Endpoint and Microsoft Defender for Identity. 
+
+To collect even more event properties, you have the option of turning on [aggregated reporting](/defender-endpoint/aggregated-reporting).
+
+### **Entity data**
+Entity data populates tables with information about users and devices. This data comes from both relatively static data sources and dynamic sources, such as Active Directory entries and event logs. To provide fresh data, tables are updated with any new information every 15 minutes, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity.
 
 
 ## Time zone
