From 6fdef50881a7e7d082e21af317986d47c0411b7b Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 18 Mar 2020 15:26:12 -0700 Subject: [PATCH] Updated Low and High alert desc based on stakeholder feedback --- .../threat-protection/microsoft-defender-atp/alerts-queue.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index b33e64a442..adcb427bfc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -48,9 +48,9 @@ You can apply the following filters to limit the list of alerts and get a more f Alert severity | Description :---|:--- -High
(Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines. +High
(Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines. Some examples of these are credential theft tools activities, ransomware activities not associated with any group, tampering with security sensors, or any malicious activities indicative of a human adversary. Medium
(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages. -Low
(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization. +Low
(Yellow) | Threats associated with prevalent malware and hack-tools that do not indicate an advanced threat targeting the organization. It could also come from an isolated security tool testing by a user in your organization who is allowed to do so. Informational
(Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of. #### Understanding alert severity
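Review bot: The Low row's change from "do not necessarily indicate an advanced threat" to "do not indicate an advanced threat" overstates the case: prevalent malware and hack-tools are also the first stage of many targeted intrusions, so the hedge should stay, otherwise readers may deprioritize Low alerts wholesale. The sentence added to the same row is ungrammatical ("an isolated security tool testing by a user in your organization who is allowed to do so"); suggest "It could also result from isolated security-tool testing by a user in your organization who is authorized to do so." In the High row, "credential theft tools activities" should read "credential-theft tool activity", and "ransomware activities not associated with any group" is ambiguous about whether unattributed ransomware is meant; "ransomware activity, including activity not attributed to a known group" would make that explicit.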