Updated investigate-incidents-windows-defender-advanced-threat-protection.md

2025-06-20 12:53:38 +00:00 · 2018-09-19 10:49:41 +00:00
parent 05345673df
commit 5f84ef4a5a
1 changed files with 9 additions and 0 deletions
--- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
@ -33,6 +33,15 @@ You can investigate the alerts and see how they were linked together in the inci
 ![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-linkedbytooltip.png)
 ![Image of alerts tab with incident details page showing the reasons the alerts were linked together in that incident](images/atp-incidents-alerts-incidentlinkedbyreason.png)

+Alerts are grouped into incidents for the following reasons:
+Automated investigation - 
+File characteristics - 
+Manual association - 
+Proximate time - 
+Same file - 
+
+
+
 You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md). 

 ### Machines