changes to incident naming

2025-06-27 00:03:45 +00:00 · 2020-07-15 20:03:09 -07:00
parent b57882c4e2
commit 4003b93995
4 changed files with 22 additions and 3 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@ -29,12 +29,20 @@ Managing incidents is an important part of every cybersecurity operation. You ca
 Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details.


-![Image of the incidents management pane](images/atp-incidents-mgt-pane.png)
+![Image of the incidents management pane](images/atp-incidents-mgt-pane-updated.png)

-You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress. 
+You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress.

-![Image of incident detail page](images/atp-incident-details-page.png)
+> [!TIP]
+> For additional visibility at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident.
+>
+> For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
+>
+> Incidents that existed prior the rollout of automatic incident naming will not have their name changed.
+>
+> Learn more about [turning on preview features](preview.md#turn-on-preview-features).

+![Image of incident detail page](images/atp-incident-details-updated.png)

 ## Assign incidents
 If an incident has not been assigned yet, you can select **Assign to me** to assign the incident to yourself. Doing so assumes ownership of not just the incident, but also all the alerts associated with it.
--- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@ -63,6 +63,17 @@ You can choose to limit the list of incidents shown based on their status to see
 ### Data sensitivity
 Use this filter to show incidents that contain sensitivity labels.

+## Incident naming
+
+To understand the incident's scope at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories.
+
+For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
+
+> [!NOTE]
+> Incidents that existed prior the rollout of automatic incident naming will not have their name changed.
+
+Learn more about [turning on preview features](preview.md#turn-on-preview-features).
+
 ## Related topics
 - [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue)
 - [Manage incidents](manage-incidents.md)