From 69b9e47b6c8661498719a65b3bdd140d348d99b7 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Fri, 27 Mar 2020 08:53:57 -0700 Subject: [PATCH] Update alerts-queue.md --- .../threat-protection/microsoft-defender-atp/alerts-queue.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index e8ceed77be..ddf6f3b390 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -49,7 +49,7 @@ You can apply the following filters to limit the list of alerts and get a more f Alert severity | Description :---|:--- High
(Red) | Alerts commonly seen associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines. Some examples of these are credential theft tools activities, ransomware activities not associated with any group, tampering with security sensors, or any malicious activities indicative of a human adversary. -Medium
(Orange) | Alerts from endpoint detection and response post-breach behaviors that might be a part of an advanced persistent threat. This includes observed behaviors typical of attack stages, anomalous registry change, execution of suspicious files, and so forth. Although some might be part of internal security testing, it requires investigation as it might also be a part of an advanced attack. +Medium
(Orange) | Alerts from endpoint detection and response post-breach behaviors that might be a part of an advanced persistent threat (APT). This includes observed behaviors typical of attack stages, anomalous registry change, execution of suspicious files, and so forth. Although some might be part of internal security testing, it requires investigation as it might also be a part of an advanced attack. Low
(Yellow) | Alerts on threats associated with prevalent malware, hack-tools, non-malware hack tools, such as running exploration commands, clearing logs, etc., that often do not indicate an advanced threat targeting the organization. It could also come from an isolated security tool testing by a user in your organization. Informational
(Grey) | Alerts that might not be considered harmful to the network but can drive organizational security awareness on potential security issues.