mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 11:23:45 +00:00
Updated investigate-incidents-windows-defender-advanced-threat-protection.md
@ -18,32 +18,32 @@ ms.date: 09/03/2018
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
[!include[Prerelease information](prerelease.md)]
|
||||||
|
|
||||||
Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them.
|
Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them.
|
||||||
|
|
||||||
## Analyze incident details
|
## Analyze incident details
|
||||||
Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, machines, investigations, evidence, graph) that you need to investigate.
|
Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, machines, investigations, evidence, graph).
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
### Alerts
|
### Alerts
|
||||||
You can investigate the associated alerts, manage an alert, and see alert metadata along with other information that can help you make better decisions on how to approach them. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md).
|
You can investigate the associated alerts, manage an alert, and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
### Machines
|
### Machines
|
||||||
You can also investigate the machines that are at risk in a given incident. For more information, see [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
|
You can also investigate the machines that are part of or related to a given incident. For more information, see [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
### Investigations
|
### Investigations
|
||||||
Select **Investigations** to see the summary of the ongoing investigations, the detection source, affected machines, and their duration.
|
Select **Investigations** to see all the automatic investigations launched by the system in response to the incident alerts.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
## Going through the evidence
|
## Going through the evidence
|
||||||
It helps your organization to see a summary and the status of the evidence collated through the incident.
|
It helps your organization to see a summary and the status of the evidence collated through the incident.
|
||||||
|
|
||||||
Your team lead, for example, can take a quick look at the Evidence page to know how many has been analyzed or remediated so far, out of all the evidence collated. It helps in the decision of ramping the investigating team<61>s efforts up or down.
|
Your team lead, for example, can take a quick look at the Evidence page to know how many has been analyzed or remediated so far, out of all the evidence collated.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
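Review bot: the trimmed Evidence sentence on the new side still carries a number-agreement error ("to know how many has been analyzed or remediated so far"); since the line is being edited anyway, change it to "how many have been analyzed or remediated so far, out of all the evidence collated". Two other points in this hunk: the Machines sentence now says "part of or related to a given incident", which is vaguer than the old "at risk", so consider stating what "related to" means (for example, machines where an incident alert or its evidence was observed); and the new Investigations sentence ("all the automatic investigations launched by the system in response to the incident alerts") drops the mention of detection source, affected machines and duration that the old text listed, so if those columns are still shown on the Investigations tab the rewrite loses useful detail.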
@ -51,11 +51,11 @@ Your team lead, for example, can take a quick look at the Evidence page to know
|
|||||||
Windows Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph.
|
Windows Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph.
|
||||||
|
|
||||||
### Incident graph
|
### Incident graph
|
||||||
The **Graph** provides a visual representation of how the alerts and its evidence are inter-related.
|
The **Graph** provides a visual representation of the story of the cybersecurity attack (for example, what is the entry point, which indicator of compromise or activity was observed on which machine).
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances has there been worldwide, whether it<EFBFBD>s been observed in your organization, if so, how many instances.
|
You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances has there been worldwide, whether it’s been observed in your organization, if so, how many instances.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
|
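Review bot: the line that fixes the mis-encoded apostrophe ("whether it’s been observed in your organization") leaves the rest of the sentence ungrammatical and run-on ("how many instances has there been worldwide, whether it’s been observed in your organization, if so, how many instances"). Suggest "how many instances have been seen worldwide, and whether it has been observed in your organization and, if so, how many times." The new Incident graph wording ("the story of the cybersecurity attack (for example, what is the entry point, which indicator of compromise or activity was observed on which machine)") reads better as "for example, the entry point, and which indicator of compromise or activity was observed on which machine".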