move incident from preview, update alerts list

windows/security/threat-protection/windows-defender-atp/incidents-queue.md

@@ -11,10 +11,9 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/08/2018
 ---
 
-# Incidents queue in Windows Defender ATP
+# Incidents in Windows Defender ATP
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 

windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md

@@ -11,7 +11,6 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 10/08/2018
 ---
 
 # Investigate incidents in Windows Defender ATP
@@ -36,6 +35,7 @@ Alerts are grouped into incidents based on the following reasons:
 - Manual association - A user manually linked the alerts
 - Proximate time - The alerts were triggered on the same machine within a certain timeframe
 - Same file - The files associated with the alert are exactly the same
+- Same URL - The URL that triggered the alert is exactly the same
 
 ![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-tooltip.png)
 

windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md

@@ -42,11 +42,6 @@ The following features are included in the preview release:
 - [Information protection](information-protection-in-windows-overview.md)<br>
 Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. 
 
-
-- [Incidents](incidents-queue.md)<br>
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
-
-
 - [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md)<br>
 Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
 

windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md

@@ -20,6 +20,9 @@ ms.localizationpriority: medium
 Here are the new features in the latest release of Windows Defender ATP.
 
 ## Windows Defender ATP 1809
+- [Incidents](incidents-queue.md)<br>
+Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
+
 - [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)<br> Support for iOS and Android devices are now supported.
 
 - [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<br>