defender-xdr/investigate-incidents.md
Lines changed: 2 additions & 0 deletions
@@ -96,6 +96,8 @@ The resulting logs or alerts can be linked to an incident by selecting a results
96
96
97
97
:::image type="content" source="/defender/media/investigate-incidents/fig2-gohunt-attackstory.png" alt-text="Highlighting the link to incident option in go hunt query results" lightbox="/defender/media/investigate-incidents/fig2-gohunt-attackstory.png":::
98
98
99
+
If the incident or related alerts were the result of an analytics rule you've set, you can also select **Run query** to see other related results.
100
+
99
101
## Summary
100
102
101
103
Use the **Summary** page to assess the relative importance of the incident and quickly access the associated alerts and impacted entities. The **Summary** page gives you a snapshot glance at the top things to notice about the incident.
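Review bot: The sentence added at new line 99 does not say where **Run query** appears, and "other related results" leaves unclear what the query returns. The whats-new.md entry in this same commit describes the action as "explore the results of the related analytics rule"; consider using that wording here and naming the page or pane that carries the option, since the image just above it only highlights the link to incident option.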
defender-xdr/whats-new.md
Lines changed: 3 additions & 3 deletions
@@ -32,9 +32,9 @@ You can also get product updates and important notifications through the [messag
32
32
## September 2024
33
33
- (GA) **Advanced hunting context panes** are now available in more experiences. This allows you to access the advanced hunting feature without leaving your current workflow.
34
34
- For incidents and alerts generated by analytics rules, you can select **Run query** to explore the results of the related analytics rule.
35
-
-For analytics rules, you can [UPDATE].
36
-
- In the [query resources report](advanced-hunting-limits.md#find-resource-heavy-queries), you can also view any of the queries by selecting the three dots on the query row and selecting **Open in query editor**.
37
-
-[UPDATE FOR GO HUNT]
35
+
-In the analytics rule wizard's *Set rule logic* step, you can select **View query results** to verify the results of the query you are about to set.
36
+
- In the [query resources report](advanced-hunting-limits.md#find-resource-heavy-queries), you can view any of the queries by selecting the three dots on the query row and selecting **Open in query editor**.
37
+
-For device entities involved in incidents or alerts, **Go hunt** is also available as one of the options after selecting the three dots on the device side panel.
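Review bot: The added lines at new 35 and 37 begin with "-In" and "-For" with no space after the hyphen, while the neighbouring bullets at 34 and 36 use "- "; as shown, Markdown will not treat these two lines as list items and they will run into the surrounding text. Suggest "- In the analytics rule wizard's *Set rule logic* step, ..." and "- For device entities involved in incidents or alerts, ...". The placeholder lines this replaces had the same missing space, so it is worth checking the rendered page after the fix.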