mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
jcaparas
GitHub
commit
714dc95f99
@ -72,6 +72,7 @@
|
||||
|
||||
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
|
||||
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
|
||||
#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
|
||||
|
||||
|
||||
#### [Secure score](microsoft-defender-atp/overview-secure-score.md)
|
||||
|
||||
@ -75,6 +75,7 @@
|
||||
|
||||
### [Automated investigation and remediation](automated-investigations.md)
|
||||
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
|
||||
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
|
||||
|
||||
|
||||
### [Secure score](overview-secure-score.md)
|
||||
|
||||
@ -0,0 +1,54 @@
|
||||
---
|
||||
title: Manage actions related to automated investigation and remediation
|
||||
description: Use the action center to manage actions related to automated investigation and response
|
||||
keywords: action, center, autoir, automated, investigation, response, remediation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Manage actions related to automated investigation and remediation
|
||||
|
||||
The Action center aggregates all investigations that require an action for an investigation to proceed or be completed.
|
||||
|
||||
|
||||
|
||||
The action center consists of two main tabs:
|
||||
- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject.
|
||||
- History - Acts as an audit log for:
|
||||
- All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file).
|
||||
- All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability.
|
||||
- Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability.
|
||||
|
||||
|
||||
|
||||
|
||||
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
|
||||
|
||||
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>The tab will only appear if there are pending actions for that category.
|
||||
|
||||
### Approve or reject an action
|
||||
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
|
||||
|
||||
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
|
||||
|
||||
From the panel, you can click on the Open investigation page link to see the investigation details.
|
||||
|
||||
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
|
||||
|
||||
## Related topics
|
||||
- [Automated investigation and investigation](automated-investigations.md)
|
||||
- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
|
||||
@ -56,7 +56,7 @@ During an Automated investigation, details about each analyzed entity is categor
|
||||
|
||||
The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert.
|
||||
|
||||
If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions.
|
||||
If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. You can also go to the **Action center** to get an aggregated view all pending actions and manage remediaton actions. It also acts as an audit trail for all Automated investigation actions.
|
||||
|
||||
### How an Automated investigation expands its scope
|
||||
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: Evaluate Microsoft Defender Advanced Threat Protection
|
||||
ms.reviewer:
|
||||
description:
|
||||
keywords:
|
||||
description: Evaluate the different security capabilities in Microsoft Defender ATP.
|
||||
keywords: attack surface reduction, evaluate, next, generation, protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
@ -16,7 +16,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 08/10/2018
|
||||
---
|
||||
|
||||
# Evaluate Microsoft Defender ATP
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 21 KiB |
@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up
|
||||
|
||||
|
||||
|
||||
When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
|
||||
When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md).
|
||||
|
||||
|
||||
The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
|
||||
|
||||
|
||||
|
||||
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
|
||||
|
||||
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
|
||||
|
||||
Pending actions are grouped together in the following tabs:
|
||||
- Quarantine file
|
||||
- Remove persistence
|
||||
- Stop process
|
||||
- Expand pivot
|
||||
- Quarantine service
|
||||
|
||||
>[!NOTE]
|
||||
>The tab will only appear if there are pending actions for that category.
|
||||
|
||||
### Approve or reject an action
|
||||
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
|
||||
|
||||
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
|
||||
|
||||
|
||||
|
||||
From the panel, you can click on the Open investigation page link to see the investigation details.
|
||||
|
||||
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
|
||||
|
||||
## Related topic
|
||||
- [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
|
||||
- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user