diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/event-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/event-details.png new file mode 100644 index 0000000000..05ac6c4637 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/event-details.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index fe9095c926..5dc2c27344 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -144,6 +144,13 @@ More details about certain events are provided in the **Additional information** You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine. +#### Event details +Select an event to view relevant details about that event. A panel displays to show general event information. When applicable and data is available, a graph showing related entities and their relationships are also shown. + +To further inspect the event and related events, you can quickly run an advanced hunting query by selecting **Hunt for related events**. + +![Image of the event details panel](images/event-details.png) + ### Security recommendations **Security recommendations** are generated from Microsoft Defender ATP's [Threat & Vulnerability Management](tvm-dashboard-insights.md) capability. Selecting a recommendation will show a panel where you can view relevant details such as description of the recommendation and the potential risks associated with not enacting it. See [Security recommendation](tvm-security-recommendation.md) for details.
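Review bot: In the added paragraph under "#### Event details", the sentence "a graph showing related entities and their relationships are also shown" has a subject-verb mismatch, since the subject is "a graph". Suggest "When applicable and when data is available, a graph showing related entities and their relationships is also shown." The new heading is also followed directly by body text with no blank line, while the other added paragraphs are separated by blank lines; add one after the heading for consistency. The "Hunt for related events" sentence mentions advanced hunting without a link, whereas the surrounding context lines link the features they reference (Artifact timeline, Threat & Vulnerability Management); consider linking the advanced hunting topic the same way.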