updates to toc

windows/security/threat-protection/TOC.md

@@ -17,6 +17,7 @@
 
 
 ### [Attack surface reduction]()
+#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
 #### [Hardware-based isolation]()
 ##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
 
@@ -58,37 +59,31 @@
 #### [Machines list]()
 ##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
 ##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
-##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
 
-##### [Machine timeline]()
-###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline)
-###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
-###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
-###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
 
 #### [Take response actions]()
 ##### [Take response actions on a machine]()
 ###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
+###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
+###### [Initiate Automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
+###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
 ###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
 ###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
 ###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
-###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
 ###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
 ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
  
 ##### [Take response actions on a file]()
 ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
 ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
+###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
-###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
+###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
-###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
 ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
+###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
 ###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
 ###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
 ###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
-####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
+###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
 
 ##### [Investigate entities using Live response]()
 ###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)

windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md

@@ -157,6 +157,20 @@ When you select this action, a fly-out will appear. From the fly-out, you can re
 
 If a file is not already stored by Microsoft Defender ATP, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled.
 
+## Check activity details in Action center
+
+The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the following details:
+
+- Investigation package collection
+- Antivirus scan
+- App restriction
+- Machine isolation
+
+All other related details are also shown, for example, submission date/time, submitting user, and if the action succeeded or failed.
+
+![Image of action center with information](images/action-center-details.png)
+
+
 ## Deep analysis
 
 Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. Clicking a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis.