From 20740ba776984930eea5bbeb4a7640e0caa6825b Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Tue, 23 Apr 2019 10:12:13 +0200
Subject: [PATCH] Update
 manage-alerts-windows-defender-advanced-threat-protection.md

Added info to alert classification.
---
 ...anage-alerts-windows-defender-advanced-threat-protection.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 9e41349720..f897d39fd6 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -104,8 +104,7 @@ Alternatively, the team leader might assign the alert to the **Resolved** queue
 
 
 ## Alert classification
-You can choose not to set a classification, or  specify if an alert is a true alert or a false alert.
-
+You can choose not to set a classification, or  specify if an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality to help tune alerts to be more accurate using this feedback. The "determination" field defines additional fidelity for a "true positive" classification. The determination contains values for "security testing" to address alerts triggered by intended suspect activity such as pen-testing, which are true positives from a detection perspective, but it's intended.
 
 ## Add comments and view the history of an alert
 You can add comments and view historical events about an alert to see previous changes made to the alert.