Merge pull request #2275 from AruneemaXD/AruneemaXD-patch-3

Ruchika-mittal01 · web-flow · commit d54411af83b8 · 2024-12-31T02:01:23.000+05:30
Update indicator-file.md
diff --git a/defender-endpoint/indicator-file.md b/defender-endpoint/indicator-file.md
@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
-ms.date: 10/17/2024
+ms.date: 12/30/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -47,8 +47,6 @@ There are three ways you can create indicators for files:
 - By creating a contextual indicator using the add indicator button from the file details page
 - By creating an indicator through the [Indicator API](api/ti-indicator.md)
 
-
-
 ## Before you begin
 
 Understand the following prerequisites before you create indicators for files:
@@ -64,6 +62,7 @@ Understand the following prerequisites before you create indicators for files:
 ### Windows prerequisites
 
 - This feature is available if your organization uses [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md) (in active mode) 
+
 - The Antimalware client version must be `4.18.1901.x` or later. See [Monthly platform and engine versions](microsoft-defender-antivirus-updates.md#platform-and-engine-releases)
 
 - This feature is supported on devices running Windows 10, version 1703 or later, Windows 11, Windows Server 2012 R2, Windows Server 2016 or later, Windows Server 2019, or Windows Server 2022.
@@ -77,11 +76,13 @@ Understand the following prerequisites before you create indicators for files:
 
 - [File hash computation is enabled](/defender-endpoint/mac-resources#configuring-from-the-command-line) by running `mdatp config enable-file-hash-computation --value enabled`
 
-### linux prerequisites
+### Linux prerequisites
 
 - Available in Defender for Endpoint version 101.85.27 or later.
 
-- [File hash computation is enabled](/defender-endpoint/linux-preferences#configure-file-hash-computation-feature) from the portal or in the managed JSON 
+- [File hash computation is enabled](/defender-endpoint/linux-preferences#configure-file-hash-computation-feature) in the Microsoft Defender portal or in the managed JSON
+
+- Behavior monitoring is preferred, but this will work with any other scan (RTP or Custom).
 
 ## Create an indicator for files from the settings page
 
@@ -94,7 +95,9 @@ Understand the following prerequisites before you create indicators for files:
 4. Specify the following details:
 
    - Indicator: Specify the entity details and define the expiration of the indicator.
+
    - Action: Specify the action to be taken and provide a description.
+   
    - Scope: Define the scope of the device group (scoping isn't available in [Defender for Business](/defender-business/mdb-overview)).
 
    > [!NOTE]
@@ -138,7 +141,7 @@ The current supported actions for file IOC are allow, audit and block, and remed
    > For more information about the EnableFileHashComputation group policy, see [Defender CSP](/windows/client-management/mdm/defender-csp).
    > For more information on configuring this feature on Defender for Endpoint on Linux and macOS, see [Configure file hash computation feature on Linux](linux-preferences.md#configure-file-hash-computation-feature) and [Configure file hash computation feature on macOS](mac-preferences.md#configure-file-hash-computation-feature).
 
-> ## Advanced hunting capabilities (preview)
+## Advanced hunting capabilities (preview)
 
 > [!IMPORTANT]
 > Information in this section (**Public Preview for Automated investigation and remediation engine**) relates to prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
