From 38574543f1944c9621af94c88936421c99defbee Mon Sep 17 00:00:00 2001 From: MH <43401763+MinoruHattori@users.noreply.github.com> Date: Mon, 30 Dec 2024 03:06:35 +0900 Subject: [PATCH 1/4] Update live-response.md A note on characters that can be uploaded to the library. --- defender-endpoint/live-response.md | 1 + 1 file changed, 1 insertion(+) diff --git a/defender-endpoint/live-response.md b/defender-endpoint/live-response.md index d7a7598c84..e3fe61bb9c 100644 --- a/defender-endpoint/live-response.md +++ b/defender-endpoint/live-response.md @@ -234,6 +234,7 @@ Live response allows PowerShell scripts to run, however you must first put the f You can have a collection of PowerShell scripts that can run on devices that you initiate live response sessions with. #### To upload a file in the library +Note: There are restrictions on the characters that can be uploaded to the library. Alphanumeric and some characters (-,_,.) only. 1. Click **Upload file to library**. From f9a57ed6fad2bf1473f60c8c5a8c1d2aefa8f463 Mon Sep 17 00:00:00 2001 From: MH <43401763+MinoruHattori@users.noreply.github.com> Date: Mon, 30 Dec 2024 03:19:51 +0900 Subject: [PATCH 2/4] Clarify character restrictions in upload note --- defender-endpoint/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/live-response.md b/defender-endpoint/live-response.md index e3fe61bb9c..af9aa3aa36 100644 --- a/defender-endpoint/live-response.md +++ b/defender-endpoint/live-response.md @@ -234,7 +234,7 @@ Live response allows PowerShell scripts to run, however you must first put the f You can have a collection of PowerShell scripts that can run on devices that you initiate live response sessions with. #### To upload a file in the library -Note: There are restrictions on the characters that can be uploaded to the library. Alphanumeric and some characters (-,_,.) only. +Note: There are restrictions on the characters that can be uploaded to the library. Please use alphanumeric characters and some symbols(-, _, .). 1. Click **Upload file to library**. From 34d929f9f7a2452ce0671a7b64a0d5fa6f9f728d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 30 Dec 2024 12:29:09 -0800 Subject: [PATCH 3/4] Update live response documentation with links and formatting --- defender-endpoint/live-response.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/defender-endpoint/live-response.md b/defender-endpoint/live-response.md index af9aa3aa36..7c565a3e21 100644 --- a/defender-endpoint/live-response.md +++ b/defender-endpoint/live-response.md @@ -14,7 +14,7 @@ ms.collection: ms.topic: conceptual ms.subservice: edr search.appverid: met150 -ms.date: 04/03/2024 +ms.date: 12/30/2024 --- # Investigate entities on devices using live response @@ -124,9 +124,9 @@ The dashboard also gives you access to: > [!NOTE] > Live response actions initiated from the Device page are not available in the machineactions API. -1. Sign in to Microsoft Defender portal. +1. Sign in to [Microsoft Defender portal](https://security.microsoft.com). -2. Navigate to **Endpoints > Device inventory** and select a device to investigate. The devices page opens. +2. Navigate to **Endpoints** > **Device inventory** and select a device to investigate. The devices page opens. 3. Launch the live response session by selecting **Initiate live response session**. A command console is displayed. Wait while the session connects to the device. @@ -234,11 +234,13 @@ Live response allows PowerShell scripts to run, however you must first put the f You can have a collection of PowerShell scripts that can run on devices that you initiate live response sessions with. #### To upload a file in the library -Note: There are restrictions on the characters that can be uploaded to the library. Please use alphanumeric characters and some symbols(-, _, .). -1. Click **Upload file to library**. +> [!NOTE] +> There are restrictions on the characters that can be uploaded to the library. Use alphanumeric characters and some symbols(`-`, `_`, or `.`). + +1. Select **Upload file to library**. -2. Click **Browse** and select the file. +2. Select **Browse** and select the file. 3. Provide a brief description. @@ -246,7 +248,7 @@ Note: There are restrictions on the characters that can be uploaded to the libra 5. If you'd like to be, know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description. -6. Click **Confirm**. +6. Select **Confirm**. 7. (Optional) To verify that the file was uploaded to the library, run the `library` command. @@ -255,7 +257,7 @@ Note: There are restrictions on the characters that can be uploaded to the libra Anytime during a session, you can cancel a command by pressing CTRL + C. > [!WARNING] -> Using this shortcut will not stop the command in the agent side. It will only cancel the command in the portal. So, changing operations such as "remediate" may continue, while the command is canceled. +> Using this shortcut will not stop the command in the agent side. It only cancels the command in the portal. So, changing operations such as "remediate" may continue, while the command is canceled. ## Run a script From 0b29ac6474711342ebde96cfe7543a454e703c29 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 16 Jan 2025 10:46:20 -0800 Subject: [PATCH 4/4] Clarify character restrictions and command cancellation --- defender-endpoint/live-response.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/defender-endpoint/live-response.md b/defender-endpoint/live-response.md index 7c565a3e21..f7420e481f 100644 --- a/defender-endpoint/live-response.md +++ b/defender-endpoint/live-response.md @@ -236,7 +236,7 @@ You can have a collection of PowerShell scripts that can run on devices that you #### To upload a file in the library > [!NOTE] -> There are restrictions on the characters that can be uploaded to the library. Use alphanumeric characters and some symbols(`-`, `_`, or `.`). +> There are restrictions on the characters that can be uploaded to the library. Use alphanumeric characters and some symbols (specifically, `-`, `_`, or `.`). 1. Select **Upload file to library**. @@ -257,7 +257,7 @@ You can have a collection of PowerShell scripts that can run on devices that you Anytime during a session, you can cancel a command by pressing CTRL + C. > [!WARNING] -> Using this shortcut will not stop the command in the agent side. It only cancels the command in the portal. So, changing operations such as "remediate" may continue, while the command is canceled. +> Using this shortcut doesn't stop the command in the agent side. It only cancels the command in the Microsoft Defender portal. So, changing operations such as "remediate" may continue, even if the command is canceled. ## Run a script