From 1a3ded1919a5114c4d44256f67f266d9a07c04b3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 21 Oct 2020 16:18:44 -0700 Subject: [PATCH] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index a0d5e99a7f..337e0a464e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -78,7 +78,9 @@ If an incriminated entity is seen in another device, the automated investigation ## How threats are remediated -As alerts are triggered, and an automated investigation runs, the investigation can result in one or more remediation actions. +As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. + +As verdicts are reached, automated investigations can result in one or more [remediation actions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#remediation-actions). Examples of remediation actions include sending a file to quarantine, stopping a service, removing a scheduled task, and more. Depending on the [level of automation](automation-levels.md) set for your organization, remediation actions can occur automatically or only upon approval by your security operations team. 
@@ -86,7 +88,9 @@ All remediation actions, whether pending or completed, can be viewed in Action C ## Next steps -- [Learn about the automated investigations dashboard](manage-auto-investigation.md) +- [Get an overview of the automated investigations dashboard](manage-auto-investigation.md) + +- [Learn more about automation levels](automation-levels.md) - [See the interactive guide: Investigate and remediate threats with Microsoft Defender for Endpoint](https://aka.ms/MDATP-IR-Interactive-Guide)
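Review bot: In the first hunk (under "How threats are remediated"), the added text names three verdicts, *Malicious*, *Suspicious* and *No threats found*, but the sentence that follows, "As verdicts are reached, automated investigations can result in one or more remediation actions", does not say which verdicts lead to a remediation action. Add a sentence stating that mapping, so an analyst reading an investigation result knows what to expect for each verdict. Two smaller points on the same added paragraph: the remediation-actions link is an absolute docs.microsoft.com URL while the unchanged sentence below it links automation-levels.md relatively, so a relative manage-auto-investigation.md#remediation-actions would match the rest of the file; and "and more" is redundant after "Examples of remediation actions include".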
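Review bot: In the second hunk (under "Next steps"), the new automation-levels.md bullet repeats a link the remediation paragraph already gives inline as "level of automation", and its text, "Learn more about automation levels", does not tell the reader why to follow it. Consider link text that says what the page decides, in the terms the remediation paragraph already uses (whether remediation actions occur automatically or only upon approval). The three bullets also now open with three different verbs ("Get an overview of", "Learn more about", "See"); making them parallel would read more cleanly.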