From 66cfe6be8fac58673587d588fab4f753d35f3a1e Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 9 Dec 2018 13:40:42 +0200
Subject: [PATCH] Remove 'RecommendedAction' from Alert entity. Add 'Pending'
 to ActionStatus enum.

---
 ...lerts-windows-defender-advanced-threat-protection-new.md | 2 --
 ...rence-windows-defender-advanced-threat-protection-new.md | 1 -
 .../windows-defender-atp/exposed-apis-odata-samples.md      | 3 +--
 ...by-id-windows-defender-advanced-threat-protection-new.md | 3 +--
 ...lerts-windows-defender-advanced-threat-protection-new.md | 6 ++----
 ...lerts-windows-defender-advanced-threat-protection-new.md | 6 ++----
 ...lerts-windows-defender-advanced-threat-protection-new.md | 3 +--
 ...lerts-windows-defender-advanced-threat-protection-new.md | 3 +--
 ...lerts-windows-defender-advanced-threat-protection-new.md | 3 +--
 ...lerts-windows-defender-advanced-threat-protection-new.md | 6 ++----
 ...ction-windows-defender-advanced-threat-protection-new.md | 2 +-
 ...alert-windows-defender-advanced-threat-protection-new.md | 3 +--
 12 files changed, 13 insertions(+), 28 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
index da80f7bb7e..c7cfc039ad 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
@@ -50,7 +50,6 @@ detectionSource | string | Detection source.
 threatFamilyName | string | Threat family.
 title | string | Alert title.
 description | String | Description of the threat, identified by the alert.
-recommendedAction | String | Action recommended for handling the suspected threat.
 alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was created.
 lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
 firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
@@ -74,7 +73,6 @@ machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 	"description": "Some description"
-	"recommendedAction": "Some recommended action"
 	"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-26T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
index 88f5545da4..3d7b0bcf7e 100644
--- a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
@@ -85,7 +85,6 @@ Content-Length: application/json
   "severity": "Low",
   "title": "test alert",
   "description": "redalert",
-  "recommendedAction": "white alert",
   "eventTime": "2018-08-03T16:45:21.7115183Z",
   "reportId": "20776",
   "category": "None"
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
index 37c5a9f1d7..2c87e56309 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@@ -100,8 +100,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
index 88cda0c956..5c9436aefc 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
@@ -87,8 +87,7 @@ Here is an example of the response.
 	"detectionSource": "WindowsDefenderAv",
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-	"description": "Some description"
-	"recommendedAction": "Some recommended action"
+	"description": "Some description",
 	"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-25T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
index 7cf854cf6f..9b0c1f4123 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
@@ -100,8 +100,7 @@ Here is an example of the response.
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",
@@ -121,8 +120,7 @@ Here is an example of the response.
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
index 39c7ea3379..639c228caf 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -96,8 +96,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
@@ -117,8 +116,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-24T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-24T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
index b8db356dde..7f309c2d4b 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -94,8 +94,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
index 601886b8ec..369f38ef43 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -93,8 +93,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
index 191f30cfc2..22e929fc9c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -93,8 +93,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
index 139d24daf4..f78eff0109 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -93,8 +93,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
@@ -114,8 +113,7 @@ Content-type: application/json
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-			"description": "Some description"
-			"recommendedAction": "Some recommended action"
+			"description": "Some description",
 			"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-24T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-24T16:18:01.809871Z",
diff --git a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
index 6c225819b2..580d9cd88b 100644
--- a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
@@ -40,7 +40,7 @@ id | Guid | Identity of the [Machine Action](machineaction-windows-defender-adva
 type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
 requestor | String | Identity of the person that executed the action.
 requestorComment | String | Comment that was written when issuing the action.
-status | Enum | Current status of the command. Possible values are: "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
+status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
 machineId | String | Id of the machine on which the action was executed.
 creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
 lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.
diff --git a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md
index 4e69de458e..cfc99280d3 100644
--- a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md
@@ -98,8 +98,7 @@ Here is an example of the response.
 	"detectionSource": "WindowsDefenderAv",
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-	"description": "Some description"
-	"recommendedAction": "Some recommended action"
+	"description": "Some description",
 	"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-26T16:18:01.809871Z",