From 41500b2269385ad836283ca8f2e6148df42d9901 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 20 Jun 2019 17:12:45 -0700 Subject: [PATCH] new action center topic --- windows/security/threat-protection/TOC.md | 1 + .../microsoft-defender-atp/TOC.md | 1 + .../auto-investigation-action-center.md | 54 ++++++++++++++++++ .../microsoft-defender-atp/evaluate-atp.md | 5 +- .../images/action-center.png | Bin 0 -> 21487 bytes .../manage-auto-investigation.md | 32 +---------- 6 files changed, 60 insertions(+), 33 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/action-center.png diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 3946fe4807..7fbe04c2fc 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -72,6 +72,7 @@ #### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) ##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) +#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) #### [Secure score](microsoft-defender-atp/overview-secure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md index 0f9409ab26..e8ce0c9dd9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md 
@@ -75,6 +75,7 @@ ### [Automated investigation and remediation](automated-investigations.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) +#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) ### [Secure score](overview-secure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md new file mode 100644 index 0000000000..1527dff194 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md 
@@ -0,0 +1,54 @@ +--- +title: Manage actions related to automated investigation and remediation +description: Use the action center to manage actions related to automated investigation and response +keywords: action, center, autoir, automated, investigation, response, remediation +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Manage actions related to automated investigation and remediation + +The Action center aggregates all investigations that require an action for an investigation to proceed or be completed. + +![Image of Action center page](images/action-center.png) + +The action center consists of two main tabs: +- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject. +- History - Acts as an audit log for: + - All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file). + - All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability. + - Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability. + + + + +Use the Customize columns drop-down menu to select columns that you'd like to show or hide. + +From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. + + +>[!NOTE] +>The tab will only appear if there are pending actions for that category. 
+ +### Approve or reject an action +You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed. + +Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. + +From the panel, you can click on the Open investigation page link to see the investigation details. + +You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. + +##Related topics +- [Automated investigation and investigation](automated-investigations.md) +- [Learn about the automated investigations dashboard](manage-auto-investigation.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index 1abeaeef86..1939474a15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -1,8 +1,8 @@ --- title: Evaluate Microsoft Defender Advanced Threat Protection ms.reviewer: -description: -keywords: +description: Evaluate the different security capabilities in Microsoft Defender ATP. +keywords: attack surface reduction, evaluate, next, generation, protection search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -16,7 +16,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/10/2018 --- # Evaluate Microsoft Defender ATP 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png new file mode 100644 index 0000000000000000000000000000000000000000..02ad4445e66c71c394405614490de9e1f9f6daf1 GIT binary patch literal 21487
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 4db5431253..1edf8dcca8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md 
@@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up ![Image of pending actions](images/pending-actions.png) -When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**. +When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md). -The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed. - -![Image of pending actions page](images/atp-pending-actions-list.png) - -Use the Customize columns drop-down menu to select columns that you'd like to show or hide. - -From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. - -Pending actions are grouped together in the following tabs: -- Quarantine file -- Remove persistence -- Stop process -- Expand pivot -- Quarantine service - ->[!NOTE] ->The tab will only appear if there are pending actions for that category. - -### Approve or reject an action -You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed. - -Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. - -![Image of pending action selected](images/atp-pending-actions-file.png) - -From the panel, you can click on the Open investigation page link to see the investigation details. 
- -You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. - ## Related topic - [Investigate Microsoft Defender ATP alerts](investigate-alerts.md) +- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
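Review bot: In windows/security/threat-protection/TOC.md the added entry `#####[Manage actions related to automated investigation and remediation](...)` has no space between the `#####` marker and the link, unlike the entries around it and unlike the matching line added to microsoft-defender-atp/TOC.md (`#### [Manage actions ...`). Markdown parsers that require a space after the hashes will render this as plain text rather than a heading at that level, so the new topic may drop out of the table of contents; add the space after `#####`.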
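Review bot: In the new auto-investigation-action-center.md, the note "The tab will only appear if there are pending actions for that category" and the sentence "approve or reject pending actions on each of these categories" were carried over from manage-auto-investigation.md, but the list of category tabs they referred to (Quarantine file, Remove persistence, and so on) was not, and the new page describes only two tabs, Pending actions and History. Either bring the category list across or reword both sentences so "category" has a referent. Smaller points in the same file: `##Related topics` is missing the space after `##`; the link text "Automated investigation and investigation" presumably should end in "remediation" to match the target topic's title in the TOC; "All commands ran" should be "All commands run"; the bullet list starts directly after "two main tabs:" with no blank line; and the file has no newline at end of file. Since the History tab is described as an audit log with the ability to undo actions, it would also help to state who is allowed to approve, reject and undo.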
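Review bot: In evaluate-atp.md the second hunk deletes `ms.date: 08/10/2018` outright instead of updating it, and neither this nor the new `description` and `keywords` values are mentioned in the commit subject "new action center topic". If dropping `ms.date` is intentional, say so in the commit message or split the metadata cleanup into its own commit; otherwise restore the field with the current date. The keywords line also mixes a phrase ("attack surface reduction") with a phrase split into single words ("next, generation, protection"); pick one convention.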
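Review bot: In manage-auto-investigation.md the hunk removes the only visible references to images/atp-pending-actions-list.png and images/atp-pending-actions-file.png, yet the diffstat lists no deletions for those files, so they are left orphaned in the repository unless another topic still uses them; remove them in this change or confirm they are referenced elsewhere. In the rewritten sentence, "navigate to the page from the navigation page" is carried over unchanged and reads like a typo for "navigation pane", and "the page" no longer has a clear antecedent now that the preceding sentence names the Action center. The heading `## Related topic` now has two entries and should be plural.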