Update manage-alerts-windows-defender-advanced-threat-protection.md

Added info to alert classification.
Lindsay
2019-04-23 10:12:13 +02:00
committed by GitHub
parent 3e0eb12849
commit 20740ba776

@ -104,8 +104,7 @@ Alternatively, the team leader might assign the alert to the **Resolved** queue
## Alert classification ## Alert classification
You can choose not to set a classification, or specify if an alert is a true alert or a false alert. You can choose not to set a classification, or specify if an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality to help tune alerts to be more accurate using this feedback. The "determination" field defines additional fidelity for a "true positive" classification. The determination contains values for "security testing" to address alerts triggered by intended suspect activity such as pen-testing, which are true positives from a detection perspective, but it's intended.
## Add comments and view the history of an alert ## Add comments and view the history of an alert
You can add comments and view historical events about an alert to see previous changes made to the alert. You can add comments and view historical events about an alert to see previous changes made to the alert.
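
Review bot: In the expanded paragraph under "## Alert classification", the terminology is inconsistent. The retained first sentence says "true alert or a false alert" while the added sentences say "true positive/false positive"; use one pair throughout, matching the labels the portal shows. The last added sentence ends with "but it's intended", which has no clear antecedent and repeats "intended suspect activity"; consider ending it at "true positives from a detection perspective" and stating directly that alerts from sanctioned testing should be classified as true positive with the "security testing" determination rather than as false positive, since the paragraph says the classification feeds alert tuning. The "determination" field is also introduced without saying where it is set, and "contains values for" implies more than one value while only "security testing" is named; either list the available values or reword so that it reads as one example.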