deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-27 20:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 12688: Off cycle publish for WDATP Mitre meeting

Browse Source 
Update to this topic:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection
This commit is contained in:
Louie Mayor 2018-11-08 15:19:58 +00:00 committed by Daniel Simpson
commit 5dd14035cb
2 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/deployment/windows-autopilot/TOC.md
View File

@ -6,8 +6,8 @@
## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
### [Support for existing devices](existing-devices.md)
### [User-driven mode](user-driven.md)
#### [User-driven mode for AAD](user-driven-aad.md)
#### [User-driven mode for hybrid AAD](user-driven-hybrid.md)
#### [Azure Active Directory joined](user-driven-aad.md)
#### [Hybrid Azure Active Directory joined](user-driven-hybrid.md)
### [Self-deploying mode](self-deploying.md)
### [Enrollment status page](enrollment-status.md)
### [Windows Autopilot Reset](windows-autopilot-reset.md)

7
windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
View File

@ -54,14 +54,11 @@ Some actor profiles include a link to download a more comprehensive threat intel
The detailed alert profile helps you understand who the attackers are, who they target, what techniques, tools, and procedures (TTPs) they use, which geolocations they are active in, and finally, what recommended actions you may take. In many cases, you can download a more detailed Threat Intelligence report about this attacker or campaign for offline reading.
## Alert process tree
The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence, together with other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page.
The **Alert process tree** takes alert triage and investigation to the next level, displaying the aggregated alert and surrounding evidence that occurred within the same execution context and time period. This rich triage and investigation context is available on the alert page.
![Image of the alert process tree](images/atp-alert-process-tree.png)
The **Alert process tree** expands to display the execution path of the alert, its evidence, and related events that occurred in the minutes - before and after - the alert.
The alert and related events or evidence have circles with thunderbolt icons inside them.
The **Alert process tree** expands to display the execution path of the alert and related evidence that occurred around the same period. Items marked with a thunderbolt icon should be given priority during investigation.
>[!NOTE]
>The alert process tree might not be available in some alerts.