From 0ec2e2a1f59979681c041064f7a400698a4690cd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 Jan 2019 14:31:46 -0800 Subject: [PATCH] move incident from preview, update alerts list --- .../windows-defender-atp/incidents-queue.md | 3 +-- ...-incidents-windows-defender-advanced-threat-protection.md | 2 +- .../preview-windows-defender-advanced-threat-protection.md | 5 ----- .../whats-new-in-windows-defender-atp.md | 3 +++ 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md index 01abcc2317..ff6360dbe3 100644 --- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md +++ b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md @@ -11,10 +11,9 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 10/08/2018 --- -# Incidents queue in Windows Defender ATP +# Incidents in Windows Defender ATP **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md index 464c9131b9..f649b97c7b 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md @@ -11,7 +11,6 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 10/08/2018 --- # Investigate incidents in Windows Defender ATP @@ -36,6 +35,7 @@ Alerts are grouped into incidents based on the following reasons: - Manual association - A user manually linked the alerts - Proximate time - The alerts were triggered on the same machine within a certain timeframe - Same file - The files associated with the alert are exactly the same +- Same URL - The URL that triggered the alert is exactly the same ![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-tooltip.png) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index f0d5d23e2f..10b8cd3d81 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -42,11 +42,6 @@ The following features are included in the preview release: - [Information protection](information-protection-in-windows-overview.md)
Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. - -- [Incidents](incidents-queue.md)
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. - - - [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md)
Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 7557ed0cfe..f6bcee92a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -20,6 +20,9 @@ ms.localizationpriority: medium Here are the new features in the latest release of Windows Defender ATP. ## Windows Defender ATP 1809 +- [Incidents](incidents-queue.md)
+Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. + - [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)
Support for iOS and Android devices are now supported. - [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)