diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG index af1915fb0b..dcaa87034d 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png index 6a005352c5..97529ae015 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png new file mode 100644 index 0000000000..5ce3e0d034 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png index b5dee50cd9..09d44a35dd 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png index eb1366d9cb..94c0f5cd1f 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 48eecf008b..489c8f8ad4 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -111,6 +111,8 @@ You can manage tags from the Actions button or by selecting a machine from the M ## Alerts related to this machine The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts). +![Image of alerts related to machine](images/atp-alerts-related-to-machine.png) + This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.