reflect UI changes

Joey Caparas
2016-04-22 17:47:51 +10:00
parent 03b93c69ae
commit 5cd1406704
4 changed files with 8 additions and 7 deletions

@ -6,6 +6,7 @@ search.product: eADQiWindows 10XVcnh
ms.prod: W10 ms.prod: W10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
author: mjcaparas
--- ---
# View and organize the Windows Defender Advanced Threat Protection Alerts queue # View and organize the Windows Defender Advanced Threat Protection Alerts queue
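Review bot: The added `author: mjcaparas` front-matter line is a metadata change unrelated to the UI changes named in the commit message. Either mention it in the message or move it to its own commit so the history for the UI wording stays easy to follow.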
@ -22,12 +23,12 @@ To see a list of alerts, click any of the queues under the **Alerts queue** opti
The following table and screenshot demonstrate the main areas of the **Alerts queue**. The following table and screenshot demonstrate the main areas of the **Alerts queue**.
![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq2.png) ![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq.png)
Highlighted area|Area name|Description Highlighted area|Area name|Description
:---|:---|:--- :---|:---|:---
(1)|**Alerts queue**| Select to show **New**, **In Progress**, or **Resolved alerts** (1)|**Alerts queue**| Select to show **New**, **In Progress**, or **Resolved alerts**
(2)|Alerts|Each alert shows:<ul><li>The severity of an alert as a colored bar</li><li>A short description of the alert, including the name of the threat actor (in cases where the attribution is possible)</li><li>The last occurrence of the alert on any machine</li><li>The number of days the alert has been in the queue</li><li>The general category or type of alert, or the alert's kill-chain stage</li><li>The affected machine (if there are multiple machines, the number of affected machines will be shown)</li><li>A **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) that allows you to update the alert's status and add comments</li></ul>Clicking an alert expands to display more information about the threat and brings you to the date in the timeline when the alert was detected. (2)|Alerts|Each alert shows:<ul><li>The severity of an alert as a colored bar</li><li>A short description of the alert, including the name of the threat actor (in cases where the attribution is possible)</li><li>The last occurrence of the alert on any machine</li><li>The number of days the alert has been in the queue</li><li>The severity of the alert</li><li>The general category or type of alert, or the alert's kill-chain stage</li><li>The affected machine (if there are multiple machines, the number of affected machines will be shown)</li><li>A **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) that allows you to update the alert's status and add comments</li></ul>Clicking an alert expands to display more information about the threat and brings you to the date in the timeline when the alert was detected.
(3)|Alerts sorting and filters | You can sort alerts by: <ul><li>**Newest** (when the threat was last seen on your network)</li><li>**Time in queue** (how long the threat has been in your queue)</li><li>**Severity**</li></ul>You can also filter the displayed alerts by:<ul><li>Severity</li><li>Time period</li></ul>See [Windows Defender ATP alerts](use-windows-defender-advanced-threat-protection.md#windows-defender-atp-alerts) for more details. (3)|Alerts sorting and filters | You can sort alerts by: <ul><li>**Newest** (when the threat was last seen on your network)</li><li>**Time in queue** (how long the threat has been in your queue)</li><li>**Severity**</li></ul>You can also filter the displayed alerts by:<ul><li>Severity</li><li>Time period</li></ul>See [Windows Defender ATP alerts](use-windows-defender-advanced-threat-protection.md#windows-defender-atp-alerts) for more details.
##Sort and filter the Alerts queue ##Sort and filter the Alerts queue
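Review bot: In row (2), the new list item "The severity of the alert" repeats what the first item already says ("The severity of an alert as a colored bar"). If the UI now shows severity a second time, for example as a text label, word the new item so it says how it differs from the colored bar; otherwise drop one of the two. The screenshot reference also changes from `images/alertsq2.png` to `images/alertsq.png`, so check that the alt text still matches what the replacement image shows.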

Binary file not shown. Before: 99 KiB. After: 103 KiB.

Binary file not shown. Before: 42 KiB. After: 40 KiB.

@ -1,7 +1,7 @@
--- ---
title: Investigate machines in the Windows Defender ATP Machines view title: Investigate machines in the Windows Defender ATP Machines view
description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view. description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view.
keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, active threats, threat category, filter, sort, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, low severity keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, active malware detections, threat category, filter, sort, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, low severity
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: W10 ms.prod: W10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -14,7 +14,7 @@ ms.sitesec: library
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span> <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of threats. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting telemetry in your network. The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of active malware detections. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting telemetry in your network.
Use the Machines view in these two main scenarios: Use the Machines view in these two main scenarios:
@ -30,7 +30,7 @@ The Machines view contains the following columns:
- **Last seen** - when the machine last reported telemetry - **Last seen** - when the machine last reported telemetry
- **Internal IP** - the local internal Internet Protocol (IP) address of the machine - **Internal IP** - the local internal Internet Protocol (IP) address of the machine
- **Active Alerts** - the number of alerts reported by the machine by severity - **Active Alerts** - the number of alerts reported by the machine by severity
- **Active malware detections** - the number of active threats reported by the machine - **Active malware detections** - the number of active malware detections reported by the machine
> **Note**&nbsp;&nbsp;The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. > **Note**&nbsp;&nbsp;The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
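Review bot: The reworded last column entry is circular: "**Active malware detections** - the number of active malware detections reported by the machine" defines the column by repeating its name. Say what is being counted instead, in terms an analyst triaging from this view can act on. The unchanged Note below it also writes "**Active alerts**" while the column list uses "**Active Alerts**"; pick one casing while this block is being touched.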
@ -38,7 +38,7 @@ Click any column header to sort the view in ascending or descending order.
![Screenshot of the Machines view on the portal](images/machines-view.png) ![Screenshot of the Machines view on the portal](images/machines-view.png)
You can sort the **Machines view** by **Machine name**, **Last seen**, **IP**, **Alerts**, and **Active threats**. Scroll down the **Machines view** to see additional machines. You can sort the **Machines view** by **Machine name**, **Last seen**, **IP**, **Active Alerts**, and **Active malware detections**. Scroll down the **Machines view** to see additional machines.
The view contains two filters: time and threat category. The view contains two filters: time and threat category.
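Review bot: The sort list was updated to "**Active Alerts**" and "**Active malware detections**" but still says "**IP**", while the column list earlier in the same file names that column "**Internal IP**". Use the same label in both places so readers can match the sort options to the column headers.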
@ -60,7 +60,7 @@ The threat category filter lets you filter the view by the following categories:
- Threat - Threat
- Low severity - Low severity
See the [Investigate machines with active alerts](dashboard-windows-advanced-threat-protection.md#investigate-machines-with-active-threats) topic for a description of each category. See the [Investigate machines with active alerts](dashboard-windows-advanced-threat-protection.md#investigate-machines-with-active-malware-detections) topic for a description of each category.
You can also download a full list of all the machines in your organization, in CSV format. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file. You can also download a full list of all the machines in your organization, in CSV format. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file.
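Review bot: The link target changes to `#investigate-machines-with-active-malware-detections`, but the link text still reads "Investigate machines with active alerts", so text and anchor now name different things. The target file `dashboard-windows-advanced-threat-protection.md` does not appear among the text diffs shown in this commit, so confirm that a heading producing the new anchor exists there; otherwise the link resolves to the top of the page instead of the category descriptions.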