deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

new action center topic

Browse Source
This commit is contained in:
Joey Caparas 2019-06-20 17:12:45 -07:00
parent 2dd958211b
commit 41500b2269
6 changed files with 60 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/TOC.md
View File

@ -72,6 +72,7 @@
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) #### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) ##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
#### [Secure score](microsoft-defender-atp/overview-secure-score.md) #### [Secure score](microsoft-defender-atp/overview-secure-score.md)

1
windows/security/threat-protection/microsoft-defender-atp/TOC.md
View File

@ -75,6 +75,7 @@
### [Automated investigation and remediation](automated-investigations.md) ### [Automated investigation and remediation](automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Secure score](overview-secure-score.md) ### [Secure score](overview-secure-score.md)

54
windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md Normal file
View File

@ -0,0 +1,54 @@
---
title: Manage actions related to automated investigation and remediation
description: Use the action center to manage actions related to automated investigation and response
keywords: action, center, autoir, automated, investigation, response, remediation
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Manage actions related to automated investigation and remediation
The Action center aggregates all investigations that require an action for an investigation to proceed or be completed.
![Image of Action center page](images/action-center.png)
The action center consists of two main tabs:
- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject.
- History - Acts as an audit log for:
- All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file).
- All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability.
- Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability.
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
>[!NOTE]
>The tab will only appear if there are pending actions for that category.
### Approve or reject an action
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
From the panel, you can click on the Open investigation page link to see the investigation details.
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
##Related topics
- [Automated investigation and investigation](automated-investigations.md)
- [Learn about the automated investigations dashboard](manage-auto-investigation.md)

5
windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
View File

@ -1,8 +1,8 @@
--- ---
title: Evaluate Microsoft Defender Advanced Threat Protection title: Evaluate Microsoft Defender Advanced Threat Protection
ms.reviewer: ms.reviewer:
description: description: Evaluate the different security capabilities in Microsoft Defender ATP.
keywords: keywords: attack surface reduction, evaluate, next, generation, protection
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
@ -16,7 +16,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 08/10/2018
--- ---
# Evaluate Microsoft Defender ATP # Evaluate Microsoft Defender ATP

BIN
windows/security/threat-protection/microsoft-defender-atp/images/action-center.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

32
windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
View File

@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up
![Image of pending actions](images/pending-actions.png) ![Image of pending actions](images/pending-actions.png)
When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**. When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md).
The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
![Image of pending actions page](images/atp-pending-actions-list.png)
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
Pending actions are grouped together in the following tabs:
- Quarantine file
- Remove persistence
- Stop process
- Expand pivot
- Quarantine service
>[!NOTE]
>The tab will only appear if there are pending actions for that category.
### Approve or reject an action
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
![Image of pending action selected](images/atp-pending-actions-file.png)
From the panel, you can click on the Open investigation page link to see the investigation details.
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
## Related topic ## Related topic
- [Investigate Microsoft Defender ATP alerts](investigate-alerts.md) - [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)