diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index cf6a9871cb..229bf5ae54 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -17,6 +17,7 @@ ### [Attack surface reduction]() +#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) #### [Hardware-based isolation]() ##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) 
@@ -58,37 +59,31 @@ #### [Machines list]() ##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) ##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) -##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) -##### [Machine timeline]() -###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline) -###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) -###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) -###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) -###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) #### [Take response actions]() ##### [Take response actions on a machine]() ###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) +###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags) +###### [Initiate Automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) +###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) ###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) ###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) ###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) -###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) ###### [Isolate machines from the 
network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) -###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) ##### [Take response actions on a file]() ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) -###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) -###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) +###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) +###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) ###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) ###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) -####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) +###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) ##### [Investigate 
entities using Live response]() ###### [Investigate entities on machines](microsoft-defender-atp/live-response.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/oldTOC.md rename to windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 230e57d75e..ca1cfc7d53 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md 
@@ -157,6 +157,20 @@ When you select this action, a fly-out will appear. From the fly-out, you can re If a file is not already stored by Microsoft Defender ATP, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled. +## Check activity details in Action center + +The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the following details: + +- Investigation package collection +- Antivirus scan +- App restriction +- Machine isolation + +All other related details are also shown, for example, submission date/time, submitting user, and if the action succeeded or failed. + +![Image of action center with information](images/action-center-details.png) + + ## Deep analysis Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. Clicking a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis.
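Review bot: the new entry `#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)` in the TOC.md `@@ -17,6 +17,7 @@` hunk points at a file this changeset neither adds nor touches; confirm `overview-attack-surface-reduction.md` already exists under `microsoft-defender-atp/` on the target branch, otherwise the TOC build reports a broken link.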
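Review bot: in the TOC.md `@@ -58,37 +59,31 @@` hunk, `####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)` is left at seven hashes while the same hunk corrects the sibling `Troubleshoot deep analysis` entry from `#######` to `######`; bring the machine-side entry to `######` as well so it nests at the same depth as the other machine response actions. The added entries also reference anchors (`#manage-tags`, `#initiate-automated-investigation`, `#initiate-live-response-session`, `#restore-file-from-quarantine`, `#add-indicator-to-block-or-allow-a-file`, `#download-or-collect-file`) that no hunk in this patch creates, and the TOC title `Add indicators to block or allow a file` (plural) does not match the singular slug `#add-indicator-to-block-or-allow-a-file`; verify each against the actual heading text in respond-machine-alerts.md and respond-file-alerts.md. Finally, the TOC lists `Check activity details in Action center` ahead of `Download or collect file`, but the respond-file-alerts.md hunk inserts the Action center section after the Collect file text, so the TOC order no longer matches the page order.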
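Review bot: the rename of `oldTOC.md` to `oldTOC.txt` (similarity index 100%, content unchanged) only hides a stale table of contents from the markdown build while keeping it in the repository; if nothing references the file, delete it instead, and if it is kept deliberately, state why in the commit message so the next editor does not turn it back into a published page.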
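Review bot: the bullet list in the added `## Check activity details in Action center` section (respond-file-alerts.md `@@ -157,6 +157,20 @@`) enumerates only machine actions (investigation package collection, antivirus scan, app restriction, machine isolation), none of which this file-response page describes, so it reads as copied from the machine page; either list the file actions documented here (stop and quarantine, block or allow indicator, collect file) or drop the enumeration and keep the general sentence about submission date/time, submitting user and success or failure. Also confirm `images/action-center-details.png` exists on the branch, since this patch does not add it, and trim the two blank lines before `## Deep analysis` to one to match the spacing used elsewhere in the file.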