From 1f1152e2986f24467072e7e5360797c13581844a Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 19 Sep 2018 11:02:00 +0000 Subject: [PATCH] Updated investigate-incidents-windows-defender-advanced-threat-protection.md --- ...-windows-defender-advanced-threat-protection.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md index cae85dfb3d..c72a7bc08d 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md 
@@ -33,14 +33,12 @@ You can investigate the alerts and see how they were linked together in the inci ![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-linkedbytooltip.png) ![Image of alerts tab with incident details page showing the reasons the alerts were linked together in that incident](images/atp-incidents-alerts-incidentlinkedbyreason.png) -Alerts are grouped into incidents for the following reasons: -Automated investigation - -File characteristics - -Manual association - -Proximate time - -Same file - - - +Alerts are grouped into incidents based on the following reasons: +- Automated investigation - The automated investigation trigerred the linked alert while investigating the original alert +- File characteristics - The files associated with the alert have similar characteristics +- Manual association - A user manually linked the alerts +- Proximate time - The alerts were triggered on the same machine within a certain timeframe +- Same file - The files associated with the alert are exactly the same You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md).
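Review bot: The added "Automated investigation" bullet misspells "triggered" as "trigerred"; please correct it before merging, so the line reads "The automated investigation triggered the linked alert while investigating the original alert". Two smaller points on the same list. The "Proximate time" bullet says "within a certain timeframe", which gives an analyst no way to judge why two alerts were or were not linked. If the window is fixed, state it; if it varies, say so. The "File characteristics" and "Same file" bullets refer to "the alert" in the singular although each reason describes a relationship between two or more alerts; "the alerts" would match the wording of the "Manual association" and "Proximate time" bullets. The intro could also read "for the following reasons", as the removed line did, rather than "based on the following reasons".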