From 34eec82cf6a4106538855a4f9888a8bcf5decdbb Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 7 Nov 2018 16:14:27 -0800
Subject: [PATCH] add threat protection content details

---
 windows/security/threat-protection/TOC.md     |  1 +
 .../windows-defender-atp/TOC.md               |  1 +
 ...ows-defender-advanced-threat-protection.md | 22 ++++++++++++++++++-
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 3145f56988..4d214ce44e 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -312,6 +312,7 @@
 
 ##### Reporting
 ###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md)
 
 ##### Role-based access control
 ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index f05f3f551f..b49665a4ea 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -311,6 +311,7 @@
 
 #### Reporting
 ##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md)
 
 #### Role-based access control
 ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
index fe34b0a4ae..8490b804a1 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
@@ -31,5 +31,25 @@ This card provides a graphical representation of where alerts are coming from in
 This shows the types of prevalent threats in your organization grouped by alert categories. You'll be able to see the kind of alerts that are most common in your organization and make decisions on where action is most needed. 
 
 ## Alert by severity
-Identify how many alerts are of high, medium, or low severity over a 30-day period or daily view.
+Identify how many alerts are categorized as high, medium, or low over a 30-day or daily period. 
+
+
+## Apply filters to the report
+You can apply the following filters to get a more focused view on the cards.
+
+### Start date for 30-day cards
+Select the start date for the 30-day cards. 
+
+### Detection source
+You can filter the cards to only show alert detections that were triggered from a specific source. 
+
+### Category
+Select the threat category to only show specific alert categories.
+
+### Severity
+Choose to show high, medium, low, or a combination of alert severities.
+
+
+
+