deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated investigate-incidents-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Dolcita Montemayor
2018-08-29 01:28:50 +00:00
parent 919853bb80
commit 01785b6ba1
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
View File

@ -41,9 +41,8 @@ Select **Investigations** to see all the automatic investigations launched by th
![Image of investigations tab in incident details page](images/atp-incident-investigations-tab.png)
## Going through the evidence
It helps your organization to see a summary and the status of the evidence collated through the incident.
Your team lead, for example, can take a quick look at the Evidence page to know how many has been analyzed or remediated so far, out of all the evidence collated.
Windows Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident.
Each of the analyzed entities will be marked as infected, remediated, or suspicious.
![Image of evidence tab in incident details page](images/atp-incident-evidence-tab.png)