Microsoft Defender Advanced Threat Protection (ATP) now allows users to flag events in the device timeline, the company has confirmed in a blog post. This lets Windows 10 users quickly highlight and identify important events on the go, and security teams can revisit the flagged events at any time for deeper investigation.
Now flag events in Defender ATP
“We’re excited to share that now you can also flag events, giving you the ability to highlight and then quickly identify events that are of importance to you and your team.”
Now that Microsoft Defender ATP has enabled new ways to highlight and identify important events, security teams can build a clean breach timeline by highlighting the most important events in a timely manner and marking events that require a deep dive.
How to flag important events in Microsoft Defender ATP
The ability to flag events in Microsoft Defender ATP is available in public preview. Since the feature is already live, you can start using it right away. First, turn on preview features by navigating to Settings > Advanced features > Preview features in Microsoft Defender Security Center. Using the feature involves three steps:
- Flagging events
- Viewing the flagged events
- Identifying flagged events
Start by locating the flag column in the device timeline. To flag events, hover over the flag column next to the events and click the ones you wish to flag. You can view the flagged events by toggling the “Flagged events” option in the timeline filters section and applying the filter.
Security teams can also identify flagged events on the time bar, which lets them view the events prior to a flagged event.
Last month, Microsoft Defender ATP announced the public preview of a news feed feature called Event Timeline that allows security teams to discover the origin of security threats.