diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png new file mode 100644 index 0000000000..0e2d2fd929 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-updated.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png new file mode 100644 index 0000000000..88d8fb23d2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane-updated.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index 249d6de806..8ee9cd8e12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -29,12 +29,20 @@ Managing incidents is an important part of every cybersecurity operation. You ca Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details. -![Image of the incidents management pane](images/atp-incidents-mgt-pane.png) +![Image of the incidents management pane](images/atp-incidents-mgt-pane-updated.png) -You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress. +You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress. -![Image of incident detail page](images/atp-incident-details-page.png) +> [!TIP] +> For additional visibility at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident. +> +> For example: *Multi-stage incident on multiple endpoints reported by multiple sources.* +> +> Incidents that existed prior the rollout of automatic incident naming will not have their name changed. +> +> Learn more about [turning on preview features](preview.md#turn-on-preview-features). +![Image of incident detail page](images/atp-incident-details-updated.png) ## Assign incidents If an incident has not been assigned yet, you can select **Assign to me** to assign the incident to yourself. Doing so assumes ownership of not just the incident, but also all the alerts associated with it. diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md index f215fda3db..0a72f9fa7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md @@ -63,6 +63,17 @@ You can choose to limit the list of incidents shown based on their status to see ### Data sensitivity Use this filter to show incidents that contain sensitivity labels. +## Incident naming + +To understand the incident's scope at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. + +For example: *Multi-stage incident on multiple endpoints reported by multiple sources.* + +> [!NOTE] +> Incidents that existed prior the rollout of automatic incident naming will not have their name changed. + +Learn more about [turning on preview features](preview.md#turn-on-preview-features). + ## Related topics - [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) - [Manage incidents](manage-incidents.md)