deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated investigate-incidents-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Dolcita Montemayor
2018-09-19 11:02:00 +00:00
parent 5f84ef4a5a
commit 1f1152e298
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
View File

@ -33,14 +33,12 @@ You can investigate the alerts and see how they were linked together in the inci
![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-linkedbytooltip.png)
![Image of alerts tab with incident details page showing the reasons the alerts were linked together in that incident](images/atp-incidents-alerts-incidentlinkedbyreason.png)
Alerts are grouped into incidents for the following reasons:
Automated investigation -
File characteristics -
Manual association -
Proximate time -
Same file -
Alerts are grouped into incidents based on the following reasons:
- Automated investigation - The automated investigation trigerred the linked alert while investigating the original alert
- File characteristics - The files associated with the alert have similar characteristics
- Manual association - A user manually linked the alerts
- Proximate time - The alerts were triggered on the same machine within a certain timeframe
- Same file - The files associated with the alert are exactly the same
You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md).