From 0822473b6373acfa359fdae779abc28c4983cdc8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 6 Jun 2019 14:44:47 -0700 Subject: [PATCH 1/3] add info about actions center for air --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index a4e69d1eab..7e77ed48e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -56,7 +56,7 @@ During an Automated investigation, details about each analyzed entity is categor The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert. -If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. +If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. You can also go to the **Action center** to get an aggregated view all pending actions and manage remediaton actions. It also acts as an audit trail for all Automated investigation actions. ### How an Automated investigation expands its scope From 41500b2269385ad836283ca8f2e6148df42d9901 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 20 Jun 2019 17:12:45 -0700 Subject: [PATCH 2/3] new action center topic --- windows/security/threat-protection/TOC.md | 1 + .../microsoft-defender-atp/TOC.md | 1 + .../auto-investigation-action-center.md | 54 ++++++++++++++++++ .../microsoft-defender-atp/evaluate-atp.md | 5 +- .../images/action-center.png | Bin 0 -> 21487 bytes .../manage-auto-investigation.md | 32 +---------- 6 files changed, 60 insertions(+), 33 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/action-center.png diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 3946fe4807..7fbe04c2fc 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -72,6 +72,7 @@ #### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) ##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) +#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) #### [Secure score](microsoft-defender-atp/overview-secure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md index 0f9409ab26..e8ce0c9dd9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md @@ -75,6 +75,7 @@ ### [Automated investigation and remediation](automated-investigations.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) +#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) ### [Secure score](overview-secure-score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md new file mode 100644 index 0000000000..1527dff194 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -0,0 +1,54 @@ +--- +title: Manage actions related to automated investigation and remediation +description: Use the action center to manage actions related to automated investigation and response +keywords: action, center, autoir, automated, investigation, response, remediation +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Manage actions related to automated investigation and remediation + +The Action center aggregates all investigations that require an action for an investigation to proceed or be completed. + +![Image of Action center page](images/action-center.png) + +The action center consists of two main tabs: +- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject. +- History - Acts as an audit log for: + - All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file). + - All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability. + - Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability. + + + + +Use the Customize columns drop-down menu to select columns that you'd like to show or hide. + +From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. + + +>[!NOTE] +>The tab will only appear if there are pending actions for that category. + +### Approve or reject an action +You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed. + +Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. + +From the panel, you can click on the Open investigation page link to see the investigation details. + +You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. + +##Related topics +- [Automated investigation and investigation](automated-investigations.md) +- [Learn about the automated investigations dashboard](manage-auto-investigation.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md index 1abeaeef86..1939474a15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md @@ -1,8 +1,8 @@ --- title: Evaluate Microsoft Defender Advanced Threat Protection ms.reviewer: -description: -keywords: +description: Evaluate the different security capabilities in Microsoft Defender ATP. +keywords: attack surface reduction, evaluate, next, generation, protection search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -16,7 +16,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/10/2018 --- # Evaluate Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png new file mode 100644 index 0000000000000000000000000000000000000000..02ad4445e66c71c394405614490de9e1f9f6daf1 GIT binary patch literal 21487 zcmeEucR1VM|EPXiv}RjHY0;`tyY{AAQCsX$C5YH0YImWfXc2pFiNuWA(DFg;nZydM z6%wQN=0^Mb{&)Yn_jjM?KF_`9dGa`Uz0doc*Lm&pdY$;FudBgG$4N&;Ma8K3?6Dyg z)dd6<)j6h%G!)3wqy%rupG%(4%zdb+*!a&r=QIuZep7(7zM48uXlH4zu`37`wQ9Zj z1A1cS`vBtW?BPvSg6erj0WtVeK#zew_TC^*Uyz4870adDcPMbWGx#G9Pk(Qald~^X zDRYk!1J79z8+ywZPFN;EQKqQ#)^Wkh>Grw;Kx)6d3K__aWZ)K&tK2cjW&Jd*tEf26XqO+UZGb zrod>wS=@1sS*h|=y;Ig4usAMUs< z2mA$Of9&q<#nwk#pHYU=zP%|w;~%A+d-uQ5n=NHT2uCI@^&8lc26t_c<#JHBztjGV zS}3x-|72=7GNsP2gU?!K&L60Hv*4Dx@v^U5caUaS2mjJ}B*7%tuJCg^Dvk%RILf|8 zUfCvBk8RX99l1Bhz-|a+OSK8U( z1Ww;5I47ppXj6m?T*lDZZu$j}SH{x#sRzD=vjE8nD#3|1r!#fCDKR`lO|wHys?)Mo zZGZ7R`nlBt&r5^FyEzXTH9Y`V3AlXASkbMrz@m)X#ymu%?K8YlUp35QlU4gzuPGUx z_S`U!-F9|n9Y;HcuV$f5XuJ4J!o&}PB^bG`Bf+7&f!5eAIlLaN7NEf|sp-c==`ww) ztYa8P>EKDCl#~>DYUsgiB@c|Kdhrhesky^+h@H}IV-z2Hv25`NV^<%n2H0Gt>c<4o zI34MK=doqyQfVWR=xdHa^8LJ7tx~W)j3;I1v$-8EPId5@1nr8zq4loQHrBlPY4#dR z-=7v2NiYR{h9_X#;$}D-h5syb>sxv|6*$N(Ts%l66CIz79y(}rNEol>}+S(WIu->*<%&lq0 zZ`TswzbejeM~HlNeFlT1>yI@&vG`o`bV8eHsV;xhGNO1QTQW7sHWUKaHY(P`f!a(a z>R#lqaF1k!kZk>D5J5n3J=4NX*;=y;mwMY{ytyW9?{?=t zG*A3mYFUUW&VP^rUxV&;izEH_xcPyNQ*YMxa;~~*2R?3%+#zE_V}@kW45f6_w)XVY z*hdwECv^zBFtyO&NCEZ6K{frxcW!BTK6aPhjg!>%jd)ID>jo3O3G(WTDWBB6XQ`#` zhd*jEImT;d+@k$Y%n6~vkltRVu8k2wYMi+_euL$7xWC9$_RmiBnMoszzn!5qIGDDf zAY+5jKs{Av4F4JjUvijVsSv%a`bz; zXuuknG5&3?@9=#~FnnXV7VRFpYgj5mB!#ui#)$*AdH@z`;Dm$YCbTQ2|E=%fyfy2U z-E5l!?W}Rr3ISHj?XGnB<@1T^*-tz~2UL$k%DOGb)6Qk!Et<*lHlh8`u>ZP?@dX$4 z6b)Bn!LN*RcX3*~66QH2UcX2qQa@@KGk9V5)XjG%s!|9dRn=${R#i9;)7U8^Mhia@ z@QASNZ>^_ZW!`~(NVsZ*4zft+RYF&zuUC0&9wl*`?6Sp0vV%Z1wRIIuHTdk82*bD` z-)t)v7G>M+_zqKUo(E!BAzodhBsD}Mg{}=I5||~`i#@hUWyL8HAd*;4!v}+;4%_}*kKu!f)GpqU z@IepoczoDs;96-o(Op>~tNB;z!gk)h3{Gg&j=RP=T$L*B`G7RgskXe=CUN{x+TXPnOyy00F%dt_IE%+=*lzm| zo=Ep5vXWT9!W|Hv4%vMp&)oo35suEk-@#V`eE*O$=x27ucysHH?IF0Kc)>2aWqX3m zw-O(7T-)_*8EQR})9|*h`9AwtWO0EA1W=s+QgfOchmT|4-Y%?!nRsnne!_QH{;bn< zT*7}b#LRYrtY077B`sJI=(z1Ov0N@T`|A}c0Ekz@U-*NeOsNIMfcme2qcOH-{yWCo z-I*4xS2bXE{1q6uQ&aXiH4P-b!tl41) zd%HTtllag)UrNIsH5jX(5=%JOf8S6tX?nmxULAg&1Iwea9&AA7zbu)PUQrOX_Bq(s z7PCU(Oh-+cJv#78a8E$CmzF)yd$b zLmQHJ;&wFK8YB6`4r+5l0QIqv-B9?$+l(rxzx;I;Rbwu1aHK*Gbl(8VJ7i9rl5VKkA<#ceYU zL%@O6tDIw6!?4_^-&ekUy3SwK;h7((3TKeSGV z1Ti4g1`n`1%D=+e;k)Q2(cwpfkCewwj-6q+(3i<0>uhaLCf>%sC353u^mO;ktTkN( zh?gIC=oX7BKJBm!7p^Jb3(lWgib4}6NFtH2%&*3c{OCnFlXn3lcEBRBXTNq;3O*8C z%kbZOG&wVq;ml00>bElpA1fiLjSf}Xit;J6WM0j2v>Cn4@naj??a1@v3a44)uMS|l z#rySrT*WLl(Cm^mx0?G^LGR+SCT^{z1wNcGRV%734Ji}&vkT`7O<{m6*TDnpn$SD$ zE5yw@9fCW@OOFR=ZIP*NBjD74;due|f>F7+u3B=K`ZTIpymGP1BW9dfGEm{6hD`+Y zFHMEI`ih{V8jhx>97N=;LHo8#@AFxJ906<7Y9^%x=DRvk@owAw;3F>PrTKKd?OuaG zM!lOuPKr@m_&NivF&lC8VqqW;_xQJ20LO(eVY?F}&Pg1%nVT*y*lSQL`6$lBeKfa! zXJxo4_^^6ySj?iC#IIA|7<)k2PPUmgTD5pSVx|*?F*dBPX}+iHr&9e)F^hXZlIWOJ za%)zRaDyGuTo7vQG5Zm+G~UaWDx@JYys?eFq$#KcTc3)6NkhI`GYdeC=rw7jc?L5s z`6L+V7e3l~kDOUN7n~Rm&)-vb*^=fVMFhY_{u0eh?UOkm=V;f&xt4E9X`4J&5x&o; zG?l-|t%rDl@O2GtQab`C@Nz}Fj3;j|cI&~9P6W~Jry*_@GMZ^@{&(-xxJaY8YhwVl z@+YX3`8KV9!BI8A2@1PHjErt` z2Jz#`vfI)4Yndw6ddQQ99o?}cqi)_{mvyPos2Wo63T!p($B|hjw_Cd%m!jl1$JmE)F---21R5SX zlFYLz$_e7t!K;+kaZ)Z@j1Un4IrL2FphO;$st7hPX9@eMqV>BL3v!UAA-(lTK~Y0Z zi4NiI2xveQ=#WoZUv~^c`z7#~Jkhqk;)qinHrj@^|HFvc`8s~hDzuLtCl*_(Z?b?$ z&3Kj65aFv&-V_n6bsjTWY3<=mQLycncOb33Q=NPwao5;Sz)5&^KLX+udpT*o--GbL zZecwjs8b24$!!%Y*7;E8*`&fuz&xB_c%b@*W zQSFNO%gzRumKzBpOdQ1>b1o{v#e#&NJRVKEcg5ZvFkL zKYfvsbvSF6@BRPY|I0KuVly!xo?*ShZL-h4tr4Bps0$Q4LeofyN?*IeU6{f)(VAE9 zBXiH?^}+%-lE{h=dm`OB3v=9-0fqCnIQ^Ijy1uY+{f{JN3puY&&nP*6%WuA0xqT_P z3J9|?KTducvYlsw@hnn0@Oxr&yc^*GS>Eec8oN(MNG#;@vhwXqIei=oXC7RYe3I&p zTC@1;+(#tTBLK|?_zx!yV|*p2_aUn47A&S1q!l?s>)yVf&Qx`y+Z(xQ+&%I?e-?io zik(dcJZQKrs%2OKT|=w-GVyCK4fMr92m9goZ7rchDZvP#mVzid%06y102}<&eSMXE6O`@WI0lT`fGxiA zIu3AL`Gcm+rvR=Om@R~%=55k|ZX6_K^~QR#wA|tzGL%6*4F;O?QYJ)sq%O`Xd^vE>(gXT(Lxi^$Qmx;S93LM zKWXPimvx-Qa(~jymYI?4%Sr%?>9vyV@@Lc{S0OOIl&4GRvy+~1Tc3#G1G@$cbsB}C z5qFgxVQwcaysSOaLcrw1SLPh4aqPgf%&pJ7_60pE_V)m}Zsu)~(Yc|w|Lnv0ddMox zqJED3sd)*zjmQ@z0)qTdB;j-mF&;9dU(mx-_T!djb5^bwwa4Nh+Hz|!pPOW7TZvs^ zb|HNRQ^KR>>HM#AZo(&4oCA4}!NWL`S$B?>X5gqv_(4hQDGfM?G{p&?!%Rw`)iA5` zIGYN?@Gzma+3Gr%MCp=uc_IZMV>Ce+2`UqomN8hmbQ`9Z8o%}2H965$#Nch`dQh**BE0bFKH*+U*nId2A51yyl1UT$mhYaf$xTyA2h7`;Wgok#v3-P;wz&z zyWU_4V;0kVQ^quk-bjvh^A=`CGU?zFelvs#poYNhm%H9!8Y2rnS9se#iO|gvp4x`- zb!>!FJ&)@#h{W>ETgExaX(z%u4QGVE0RCve>u^Iozw-%OX)z@K;9_w)spm`_MeJG8 zMzl%55Tv$CRpdf1P_%N!Aq;O0ZbMGy3C8RfSv6lYXxZT9A8p)y!WVeyE5k!&Yx9Wh zWLZ8*W4%?eFI%t;=|`-X+=CYkf7tjf>qx~BcI^K8_>jDi*`5urQhHzgS?eS(LvR8S z95`zW&LA3%Ax9c8`LSxl8ht_VhdgZa8IBpMNry{L)J5j*!S}!cc3*~A3KC#bw5n?Z zLdI?8mJX1>kTui{=Oa<0-RnZ&sM16gV0e3R;CVvZUp2T7C!WKJP%jlGH;z2z5%O<& z6rku6RpUCA{i%9M%fevBp5xcSELYA@6Mw1_=!=w`>p)k%A9#F1P`Ao`8-U_5cdVN% z@K{5^-!&&KBZIhfF4?nMrk4s1Gn65L;e`(EAYVr7i$GF|GjOT1je{Q>*s4GpaC2PV&)qMTSzfPGqtrOtdsiz0)7 znSN{CM)#@im24cElxL==WK|H?X%~61_E={yh?P(AX&jwFOR@s1AhW^ax>@&7M;(du zvd?q3`+&Rx+WprA_V1k-e`x4<*4CzW!SWC7sY0N-y1IQOlmJo=s`^jQ1E6Y11h@5# z9FF>a7ya&blwNBk#o~nE%^ux4s|`?5>7P=3__6A@gOtvO<=bMTyR?LxIFn}Fr4{qj z%0yQsxZJv5aVQHtoMM>bJKG{NH2y0M$;oX8%b)gjF3K`3BrRbz0OCtWxL=Vearu{O zrx(2=zEzzW0YM=n!{x8MI)aG5CN=uC`|CgJQeC`QUtiBC|Lv>>Kxz6cEr0W(R2LZj zn|q%YPVUZSO)xDr^5`Ap6~Epp0!tV!&NsU+yZl`{ef#LD3D7chgh(5*p-X#Y%k|J$w7 zzZ?Ev=}{^L9kDzf|EUyERsUzMpZ`0v{`b7=JT=OCw#C=d!*&H?qhf90Lcd7uD0-@q zIT4+}EwGp(Qc8SeL$TS2=hXOz$X`}EUnuDAaPE1Cn5cRuBeG_&?ViASPT`Pxsm#xJ z@b?aS&3SjTDOl^(tb^)EiSXGwuLYLMhu9K8Cm$Uf_R_~i{j{b}Yf}WGOHllpDMK9s zKjt|neY4n_m8`x)P#&$7VHbzq^GC7r=)kW(w%=ZKG_3ZJ~A(Eaoa_Zwn6=1s; zfv2k+{tX?;hs4)Km;0b9WoUINooB-$t&IWVDBt?_=nwm zXwEB>Jw*Ocak1eKJv`W1+_W&98@zbmj3NUA4%DEbfpMs9rC;DiyXS-YeQXzfmyXZE zB6z8~6|UpMi!QZ4wk@S$wk_>#B|})hjUl(ruPmAFE9y4{eQN(??S2v2ouCGVcM0T! zHh-fksZB4XPE2V(V^gszo8y>HIHAM7F3e96C+}NgiX>!Sj0wiYzQOhv068m`10k6G z+JIbQ7~@qw$uljw&$83XtiJf|&G^x=p8C-YvN}3d`QQm817^$roOFDbkeZtNC~RVD zNe^wcSkzyQ{H>1}A@&#)ZdH6C$vWB38{Hrln~q#BNa|vv(}*?*SbEwU9ce6aI6WD? zI$x)|#wx3k#$cqK6l+jc(TxV}U*C?59I2bT79CZI4!2MitMm?rTv4%#y{<<4*5h8c z1A1{fW<#zC71p4~tV~?Wn-EN{hK_k-A+U?r3c6nH@N|tC{c8QnIv&5te0=P-6VO^g zYa&m(R1eHrL=TY~w`HH|^ItKccrF<`b+G*}Q;P)qQ_J0gT=w7+e??e-ujO`FuIUOY zU6A-$?qspPdT3r7jq}ZNUo+|z&R`#F7nFBFb^ExpkNU_dWu?`aREj?@_O@#R#jL-b zT*)O=^hI~e_DS}eO;A^O)q8b!GXPSJ{OxRA%*4Akk5FVk#tSOV4EA4f_~2A+%%p4T zESs}JqMw>mAYs8>rm3*zpuV)DfT2Tb=i9&bmuEmc^@st##_16jX7Nqc@`EL5u|Us; zsqtX_CaZ-^OoQ;rmqQ1O#*vezyG938J2aN-EziwxUnanH&H9NhHUxAG|+UK#Zi$#c0*(kZ8z;($vSvSTls0i5;vcneq~NHGu2 zVW%4|{T3^CDb3d6J+n;CEvaPO6#lNz)CvCZA4t>UKLmE${mEeKG=vWx3fug*b{NU- zFTO%nHAy)jyh^n`X0U#@v4K{kY(z=RkViExsm%Pm+w8b&pO5cxg>{|Iuq%<;9~K4G zj04aoX);r2<1^*TSlv`CX;32`mbSTp_Q%~aXIGoAXVv`eiHURi`cq!Bu#4?>+Cm*F zbp5@d&St;^@^xkrvnqz|73ZuPkZykaTrzsJzG;lqa4%>4TNgXHNbzB`jLtpeV0H1c z=rNyKpW{Nb5yI*NDq|;M>)E_qS;j)$=k1!f!i)v1Hw z0LX2f!(qi3e{1B5(gkLGD@%TuhpTVRLvQA{w0%<5W(?e@FXs!;mTui10kcocY5Sl{ zyzDARl9V;S1hX|h;2fi}zwbtQ1Zv6XI|#va2pe@UK}1Af)g|d8y`ReyE6nAvE5}t& zhii5`6?X!kj5V;BsNxEAe6CiPgXa$eO`1svN9*Klq^cF(mV_2HK!L1R(g9Hh|Mo7<@i7Ei}yrY*;*Au{Ct zJUD%+@H_bXz#h`5!_@CL`3K+NlJA5+{;5ZY7!(Er4e>iC^@~W+BE(F@?z-A+J03lt z^sMUBd1Kl$3Ow(Ng5HQ1P?@RwT?LVsqR}P!6bU4kj#rh1N5aJM!}I`ilO=C4OLD`> z&tHDv?25*CaM%8h2gA2UcBXAZQu1FiV)CSMlzrY&56YiAz)^MAFupA# zwMcs12mRXE6bk1)loFj?GLvtL!9?Ia^DZ)z@#Dyv-v}+dM#(PMZs%O`>fM+5%<_4~ z?yBD80Is0C0}i!mI8DkQm)q=$F*Q^F8-P76;OhC(^HfyX zoa{CMZ`_ejd|xzPRLl4VN1)c6hFU;hEXb`~7qoX_S^_?>sFj~P-wpfJVDQuj1VY0t zZ0YkQAGdcM%8gG~Chj0`&K4u7!amHCM7#MLwJylFvfaaxyDMJ+-#M4mkii;G_`A)J zg!S9m#hfbR63}mRuu)eD!kv>lw{0vkg*H#V>}_pHW0;DdsgG(HqKIiY(hTa}&ej z8uU1fR}PCB*laL?3`5nROC>>g`&=7e+pfzo0LI(kM(#AY zACSvAG{iQ=fn;ipsKJceue~&%FSuD}ir)WJOKmcwZp5yc*N(8&ppfsT<%@0KB@Hcc zMfjEPNzQ(q%;S^uQW)H`2e8Lyp82(lRmdZD#^a68TCvAZGh#zT$YtWj{WeKjZj;1n z^l15N2_fv0U<~~v#YxKwklIKdP7>JLzVNi6c|B0h>hO#(WPODfSJIGO%xzh}XN27S zQu~d>KnLe5@h8(`-KR}CD=jP_rr2+!-!=W$stO-6^HpzjhnXyG6jhg#UBy;wjqRsK zi(lE(KV%ke#EnhG($~6=+zI~FJ!*M>$9eBEVmEI;wcweUWk^u~^BNq=r4zFMwfN;v z*CZUM2-%-Ep1xa*JajjnTS~IE{zfj7Y)4GOupz|9t)fjAQqDW=6Lq5=aP=N+4tQfe zH#}26dNAIU7ZrXKmMvT^VTY_GnM38OU~Qw81UDMzlrFlc!xOOPS$`I zbFc=tQ#@y7Ko-*t0RRmEFZ?~i@;m;AR}W#ZV~nf3OTpEL(LT>DJr4vH>By?Y@Dw#L zPMs!nRFtWBt+A0jzOTG1s0;!gK@sv-x|MlGEw=VIuV19Af3nNGl7HUTZ}4;TWbS9_ z8OGT5KN3ULzY|iR>+tfr z#AsZ&rD#KAwks35La@gz{Cgo?C{8>0Bcfq7N{+ zH?#~}7RwRG zPW>*>tVEDuDjw87LhveU!x+@`)b@(+h1#Tcg&1v3Ky18P0G~(A!c#y~8BJeTS=%9w ztynZYG24coYi(aGz@amkQ+|BUhAZD3i+L(rnuobMIfcN6)+7r|iuFbtOCV;wQf-#( zi#HKfXu&Q8R3frx91c~D>8Cz43n;u)CHq|lU3ue0mIfs}%akY+4>b>LL2PcdXEmJa?*rJ*Ktc;gad4 zp>xf{$L$5a6{m;DMo+V4lgAV^Fo}?@oO!N3lN(9F*-qk% z#ciq*BY4X$UvlV#^Yjmq8wKJ#LBG$5omCQ23llk2c#V(s0#c3;w%Y6`ruHAv{B%#y0m8Kn&55Z8_7F@Yr^zE+U+ zvnaqT++{Lgd((XG>w0xw3&myj8=us;MN|E2n)J>mQu0i#GMharFFbJ-T(MWgL(%)s zi`$$&C~8uNX-Z{1bvt)U-`w#%=&{Ae+K*1Z>v>;?xSC_bU&WdQ@?>yN7AQOfDXc!l|q zc=rgtjrX;HgvKlAOYZn}bN@S+p~y?DJ$)yEds) zx;5v28v_d{WeM+aIfm&l2CL*ua3~=GeRKkjQ*bCw22THr)xPmFlXraG7Bji ze?Oj^(l`6#1d(*828*EQqKE*4wn>E)<@TP9Bf4Xb!CX|Dp`(D@aI@di@x72*y;)bf zasBC}#5YlCtA>&5WYC0KRL(Lf^j8{4a%8ZaiBc3Hlh5iWN<8s#JDgJztL*XZD_)34 z|9&z)tdW5guCUEJwF^lJX;q~718T?SeFSYl=9%IP1k3yNT;O*6v{w)3&YKRLIQPTz z{cHRa0SNAhAl>iLB}KW9xYW(eWqiyMb4^DrZF=Ji8T4RS8LcwbKGV{NvR+TV(8cw{ zX;r(Kei~XqR%d?f9Y{!R5$tAYa{`Fli_lUXN$?3g?HZq9OHI1#RsmpPnYGG9eibhX zaGwhiGge#?>7Pb&qqx3?)&{CiQxC|<1erk!F9701{W&6|rL-6BwmCMDymMaaMENO} z1PMHC5Wa0qy*ZOV@VFpwdCD-i`d7ShTwT{#?@taL@8cJJ>G?-@C#ts|3jqs@Y;6g; z$@K9KiRQ!frl6O_*ObeiQFm)}@^v=2)&BZdNjD`vnthm~3&$dSS9GXK&&1ZxD0*VS z!X_X$K}z(w9w(1-ZQG8Lb7lqNiBbIzKcn0bL|88K@#s6FD!%Sdx4UAz zZa&&9=!DrB!05Sr;^<8Hgh!?@^XT`NYw7A%qFV0G>-80KdXawv}^;3iEDaiL(r3pv# zh^R;CU5*7S;XnX{}Sz=B#2y|w8Tn|{A@G8`w&2wm>MUv~sm z^_1Ve6*f0Q^GWM|anzI&k*YBpo4CpDz(1bIuaoYsa7Cy1Xj+7#!*>m0Z~Sw9bKo)F zR_-NH`Q0r_MMOdnWlDk%yjDGVG=`xVSou_Xf9L-+tgt=NER>Knu=Pb3T1=g5%Y=5Xe0ztAE9Ln@~hC~B6)jp zdKZwBUN32dy`sPV+_cLl;acwdd5Xk0$wbLQ?Njo5l#J_bMjKhiNwSZH+JerFJ$%-2 zTEix?zk|xx*823uF#Pys`;I)nk?@$M;VwPbuKiGS#r|%B#m)P-xvXMsjA-L`KbN!u z=(be~=!`O^UO|5DoQUXh8~XoJ6g6+tK~uj!t2lB!XmULlTUp&3!q(tt>IDm4iyuJD zZP=qwBLJJ$oGzTWtn}BUn*?@@T&RyoQooRb1?Q+b^dX~Io?EDmyNO*&&WAQrK#gw( z@lm&Mr`le5PE^jc+y$!1>&?xGbg+pObUR89%HRx$0^iQ+U!QEAz@)GJ<1CeWi1}CU zv`BqNsUXy?ZzwdNZShpx4cbl(sIjGwESS-Z^lVhH1#$pA_8po(z*itu$4S)0m$)+H zs{yd^k%pKZWsqXKt@*E|_hY#!zsg8()+fUE6uF7m0G(}KsM@U8$hVuUMMC~;j7tgp zZ7K%-J?{mCgX@zLgLWEA71}TSR?7M^AqgUYVb}O6cXh>5=VZz+^M8^QdRg#*;U8mMF@f$n7Lzu@KOCx|2u`FbD8r;q$z$ag}(t-zUQIniUWTlwsLJ>(xUR zZQ(|Sh3<$%K)d_9*2-&`+>f8$&}OfXHj@iqfgoS~Oe-i=X;7%cspNFc3j!)EXr8<; z{<Z>>mX0u}IN#_U-Gh7A^oPkN@H1tb%L3cAyxefjLu{+(_yBd|p-QJI~jD zb=G{W*aX}fOC1sC&fWX%V5!ZJ6e9Mg@S5`L(KS0;Q5i2-#Dg+$X^taj!`7cdykqAM zy=FSEK!nin3HaaHkL!`l%vE?vT`ZI0oQ>bEgxKy9x)hyrOUL$0@s-w=YrkH>6Pq)w z23F+{)OJ-_Cr35od|OiUn46qY?!oYHrEGm!hvog%1d zBZHWp6B*4Y`+PGgWukV<#B*a#Qx=RXo$AsUhHU&0 z98Yevrqz2!w0c#5A_vB!nu;sHkcBGQ^^n{pYDoozzY>azV5Nwoq|07^`;wMs87hXj zc@eH}n~H8Q2|mzDtKl{%y8BkRxxA3n=^zw9&Az6PW=7GC{K2rBc*=?8TT1p+t8liO zEEs}3V02!#Nbj_2Owg)%^Y8JLHM28cB1et#Mam7C+_T@UQF(?J@BYb?Q2MVWC^dL8 z@jqYhTmLz#QXbrT@qex-vkNRVD$>RJsh*)jY11w6I}uHYwSd20sVEm_ld9`Wo5&Q3 zP}*yOHR<;MmO}J@O30o&O8y%T(VIsb-4e2WKCAU7`xzMXD#s8ZS}Og}i-^}$1~w<^ z$G$Ulx+h0fx*19U#b4<@zI}?sV#+9`wXgKoMslCb0uNa_+*_7UAqK$6Lc* z$G%5(ySCT#GKNZwincZ-ninG?*C4C)MAFwyiIK99V{$n1F6Fg8rSzzOE87jTrHGMA0Js@O`6=M*DkDsKR7j|qm;|a``zOk}(M7yJqTzTg^c3Nh znVp@@N!%ZcNCZCU1&b3+n-2idn>Y7Qo>8c{&@w%u(Et4rEjYc%e=}8LGq}WO(@{2Q zwwoXuy3)GmC>Ww-Fsst^yP&UWdDo}Eq~1DK!td@j(7Gdri!!&In>f;o+jdIXZ32y; zbYil??{^DlpF5*xR;s1P;m`8~f4sg<=0-Ua4{ASZWv(;+V5w;Kq?niLo8DBgppj4~ zJ!d25xuVi)<2;t9nLFOh{JO>=A(`q3w#%f0gFVC5M;}>Kb+t8ZvI{^ZA-015#Fi0r z(U1*d7G&lEg(yc6<#f*X)w#+}w1e=ggjAJzJIqGc%igrzYWL>g^3|JC#zOt4dF_>Y zN4w2xSiAWym{Law{ma>D>3)?vn&TDr5#5{0(BUp zHo(M!6!cX_4CYB@01VeJF2PnN>hDtR@!lKvqb^sEy@6Z(4?%toKQeHAPtg2oo_C77%y}1Og#r4nIp1va*UyZEW&Oh6@phr2f_W1|}Bp zu_{NGN!3|a4i4-n_FUh^3}sv7l3tIenoVjVoI>UP54%Cx!XhF_uguv~q~c>m|H_3o zUxSz8Mk;~boW%74OI?3||LD!hpYvallE!}G2TM*_OC3C+TP5lA5?}S3PYG*ql{NAi zKi-zZIp5JR>7S-~pd`1=&-mejoJh^&9a`r9#CnNT^l32UCy{;Rozxyesc7O5P_LjnueVX4T~6z)rW~JBU@M z+Y-IO0hz1K9&c@IF+=-SUhC{}`4jGq02ZFTsHY4(C`BJ4Y0Qb;c~F}k(#em6CqQQY z4Fw0ky%%~Cgfy#Y+28AyX!Z>^e-y!lEw^iR0dV)ZQySDbbl)Mf*PL{+RyOX$ zv34q`RWUX%hO%AX^)_UBw?e}kr5d*d7ELJ)4ayI>DuoYA8uZ8Z0vaPg?QY(oTuy3V z@-vkE6l!Y)+V{B*rz%z{l1QRpSh9)D$bj_qRyb3{Qq?_HefP#u>qLDqUvKhyJ`;~( zuC@h0wOPiyXI8-pVw&V*K=u2*`)eDO)1b(fmKF?+z|$MJGE?8@)qDWZN12V)Mr(^( zVwMfYc~4`ZG|!k-?isjE)L_X7Q&S;%5%9a0FAuaUsqe>p>rgF@%U>>aP4f0=D5*UY z%xyA$zZyf^q?j#&`mH)Q)*RYAUbC&DVCm^u-c5!M>tI;9xlys|Cw1-K@};(ALd@!- zoowFzS1C}Sc2a<~ntm%hGD}27?R2BNY;hYPBD<&Or4+RHp=a(h6r zKlAvEy~M-TE1vb16dhlS4O&b0AjV__>}EWtFjfm`fgWmHbI_`!J{ObiLg64CJ+mKf z4JkkExs(VrHa1%<%{%gyCccuoJs-`XBp{G9 zQtty>x#`#c%IW7^xet-)3{^{yC@lTytEv44@iR1+%`2-iAfm#ezNkjI35y#P=i)oI zV+?3&`!bZ%-z0dc zvvzvEprX2(d-i_;C|Z)puRH<9M0dc9Io{3_i6vR}8`5KYN`-t918qogsID}wJAU$J zRL|g`MO@8uyI;Th>;pB&rL2RzM07Ibtm)&7WF*&bQzn9ju)iAT4qcVsi>>uBh&Yqf zZLA35SUS8vb7aTr8r9bvAdJ0zAYUowej9!j8WtAD>Ay=5@27Og-{fhnGDXD10Csjc zRRu;A;i)PxgqmREQ_j=wAS`R$#rq*-oQ}EqjUc$G4sT2AS7`4h`z&~Wy@N+YS!80C z%*irr>qG1_0D(%h5t14|@hi-s15lo~72zfX0>@2cexb_IhcmlHb1KxQ==M8n#+PXQ z2#d0|EVHHxHjfb8B=+M)YhOc-54K6;Xhb;UjY4tjh5_o!SkjpEP(cB#0{tehE!=o) zeD?6pG?>`O)dz}UJJ;?{=>8%cn&X!+JM~Xq*4VNu_UDvE8_O<^rrqRn%sdy8{U&># z2WCH9$*;*`VbK{=5rEbPUz??Fv{$r8e4)4xRb0m)ojtyfaucSm7NtO76K%&yX%8D_ zoQt%#RKX5nU|;gW+9=`%FD}>5Q1XK&`p8vhj#l#9p0NXu0aK_Y`=tW*JPBnDpore2 zO^3Z^-|KIC77S-n93m?$EIM)=>i=!Oj)GshM9AL7-b`5|WxrL=n)gB?V%RTtG}4iv z1{zusinVN`r2Cf>acAlfaGeO7GmLQnug@y9D?wIECAzz=ac~q^EBnDcn!5s4#_NsN zTQ%;gtLsq|!aI?NgM(iiT0=3JzWcx=?Kp~om@~|3jbQQ*B1BINQ>Ii3TGU5RaB>Dj zcX&_MhlV_-h|qMi+oX>UhSav%*Jl+Q!GAdqW^47U%!^S#6V%nGL#LE z*V`9$X=!iw)=u9QRhg`}GJ925#iSbeG=M>#VC&Hd{q*&BERnxNOIx&qe0MBH+WxnT zRbPD5aZld{FRIbTvbw8F3ZYLM=B9X;D!V0yYo~+A8|isqJGVMoo7Gsv=8F6@3A2k+ z>PUgRe--Y4Uhi0dmo(-SeeSb{n$)zkxRzmgPJYv#1w!0p&wbV;5fv3HGQP~m+{pw- z!_W5#j)l_3wMN7`6H(UU4`7cBhh_s->k~Lz;o}x{o;fx_>raUG9eV)Vko^Kw(}4@| z1v#eUb)%T&26o@Y5=?IoKHtgqZ$6)dCyfk6<@?Hk6q_S%|E(v8SCb-35WkjU;dzC( z@!A%(CjFUT#BWE=ng%+326`ZQ#~zmYO?Q@hKWLDlTwodhc?rMjMe$KqiGJ1YU*-&X z^!#{ysxN<;s}xJJh5AQZFW)3M^WMozKbJK7c5pCv=5(SFKU&RW7UOCDWR81 z{bsE7)_sISLc+O~=5mr)?PGR6XQ2xNZpPvU7wmygyr})(RM$PW|EG=K%{Z zUN2-LlJiTn5l4`Hm`)%Kl(8;yHEPvIf!I^8qdZ`=A7azllcLz4qKG6O9fY3r_n21= zXR_4mf6uK!(^$8|!|!OQea0mwR)gL^?PYfAm0rDQUfOrqsQdKsDKK!Q+xz#o5Rj|$ z;-(!yxIj~8ylUDjgNy5+|83T>IfBLbL(bb+)KaK5rAVxokzlN)ZF##7)RW_RcSTZX zcy6vFJ_h^P?c;kZX=tepArF))G&vxn)6T};U14wgOv--}f>yFusPNZDi^A{X9|6jI z_=oM$(muH5>f@WrJ7H^U9h!GXw#N#p6CS&ZKMS-8GlxH1LDa|vPjW{B1yU^D*CkQWXxzcAPAzdlapv>fJY451L4nFuNsUS~?(t`2=&8l?|?1>q`14 z!Oz_|xKnRy>z9$P7OaFgoWKOu8k?A;a)aI76T7;!RFj2;h2tn4kh{A;>04Au#e*`c zWEuZR?x*Gm#;z{MWJ;>5)QW>8TI=r3A&>m_$9YX~HZ3hJeonEWM|S~N?#$RAU&4kA zL9ynD%b(;MZ7?+TtWXxd%Q;ny6*Su zzFyb;zLjni{E7D=p9X<2f}xxd*iq3gfw<27&CD7FiBG))E>~Da3CA;Sa2YWvX-W61 zZyF{XpSi4vG^?$nn$tuOW7UzA=g+za|Xwry+)>5!dsQ_=l;+YK#1gM4zkLQ&D(H&2r&&mHD@ol4uK z(e1Nb2%1~MpF$(k(a_nZy+ZlgB4v&b!m)ANT>r`L)GuF7E*X23$#nGgTJz%j$~`^F z{CuXx6My2>z(9nZ-E^2|fh3_L%CiJW+U%<)KVmKR4s8wjC#0I$i0jsy>Ta&Et4)*= zsXblgCb#I>=Ia~`d%UM0*t-?#l~Gewt1)I$oqxhs#~g)%({bOIiAK0`$K;sSXz{MM zF-OesXdJ%}(`N%@gURd5QyzibX-;po77|H(90wQ+ryOR+_US!o7eNA?^*^O=zAui^F7ef}foL1ysIqVOV~1#rjo2A&s}{l+iG9Y3cpl4uXiz-+ z+4M%hE{3Sbb0wcOM zL&ewDt99$^Qv}A^rQR@S!RFf9&^y-D7SV_RYgtIn&K_$p+s?n9$JrWn19k7&%aGa< z|3MdtB=qU}`!n!@t&jy0{j}ru-$eY>=EBvw#j!d2g;ZPN{TFuT_OC2f1zbF2p0t6PNos>YFz2>NvLy_GlvSz!?D*Le7yX`Y`?$IBP2Xo~_aB`Dg0G9OIrL(2 z^Y51y$Q4)b?z~RXNC?_Wh{NHSu~oocKG32<*8-V)4ajlj~%vJ>d{+e1XDJD@OldLmVUH~XUhN=y;O8#Q09n7KNXEYF_YGAYWjbEfbqtB z^!a(?>x-eo3n4oY8aXPn>Rwl2tRLoxs ztsZkUAS!T>>SDv>xd#Z+v!jvEZ$u}_=-xqE!OL_)EL4`;=xb62zE+9oZ8o)pU=40f*l~}uS3rcusS{|#3{(&Jse*LktX;&CHS_> zPJc|dxf$SXomcnbht{G^)&bW}ta3`2bhn+9&SWLylH$%%OQOF1`1?#4b@N9T$#MEGphj8ovDnYcUU7m8;Td*3^KC7bYcrs%C{e@TJdO zExQ)2uI|mP~?Nrx|k=iu~C(NZK75zXrdT<9`HgK@@MG?g4~ZVGpoTcor5LI zIQFmZ(%-rs`&UkD^bVAT9XjK~KrhrYF3LJIxJI3KtiHKZ=X>cI&%@Hn%3E}x_u|h3 z_@Uyf+d*H{L)LPGrETTTpUb8Sqpxe;?YN+oJ8K%YH4>KIk<&P7ynZ#f>rE`EvIJYV zHBZF9Y*=^G@}GQ8aac>yVQd@Qw`^NT9E{dyBh;u5bLMq_-~Ya4AbL+mX*hzsr>+=- z0q@KF{iqXC3{ptz_CWW&r=r?IPkVS9Qn2+DT3z;yX+s9~)A-q9Fum|2q`gn5Z}r_p zDIcLK``4~$IWwf*K>SCP`?&R2kWjc|U|(MzXaC77D-zGgm+l2CZ;Wg%bS+1WD26$4 z%W3BG?krxTdpCOd?m$I>8o!of%JNkfm38owl#+_bQ^z2D@TXr`bI-P2E?+2qc)r~4 zOybQ9n+_PNYSPlGo;XqmVA@gH4;fC1c#6|Jkfkh=p@$D!@zb(`N=jWiAD)MNJHBxq zU1^8fuj%t{kvxW6zznDJkIT@=pKQVEl~@m*NxSn{hxlS$D`a4xmCil#KeOa-C~PP< zE6a0zj%`te$W8M`wYNxj(aOAPncI7XCuaB-SvCR(eurnna<}%bc^mkj9i(l4d;j4> z>g{o6oElbWwbvwSIJdC(7&M`$ZjLf6M@mVvjFRiIa+=B|G+%p)On=5l1sKhn55D4u z#2CUHlwp~s%)R16s$%Cvje7o1FRbdNp@`1<8l z=lehh*S0p)hJR|5L6cpfczSw5D6Stawol(RLwQ}iKnQX1H#OJ%l2f(fSQkDh`g0{k*Z@AuKi00*M! zunj1BxMn(r){^GaBKZ6jylNOPso-Xa*SI=4g-WSlp1hN){f3;!yLAW57HTZ04T`pQ zd@2=}9{jyJ7nN~faP~=5-iZu?>Qr~Q(iDqOhtrkV*H!GH$(%C6Gs(!ZiDy#OHDp?D zdisB9mbO9tg@Afeup*jZaP**N@uzp?H7h zNK7lJs#-jYuJkY1Eq`?x`Jm$rA)w(e{cRF4`k`SWBBigNFv=!WNL>}QQ+L2Uaa56G z0heBFedj`SZ_)kz{T1L5731Q?s=ypVukgE*7}$YUDj%({qd%yya#MH0Bh0&ZeiH3e z!G8MkG-r6{DfP?V2QLD{d(e(Ru>|r4Dl5CRENmRUoj)S8%S~0$+ijPS+@(kWBKzx4 ziQ`Xq_X3E>FRJLTM~(mcJ@L`?T`mA1k-ylOzY1#qm+DrI9L9Kh&d&S(XWc?VOK??? V1VuQ#u4A{s*uY$$dc)=MzX907(K7%5 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 4db5431253..1edf8dcca8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up ![Image of pending actions](images/pending-actions.png) -When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**. +When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md). -The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed. - -![Image of pending actions page](images/atp-pending-actions-list.png) - -Use the Customize columns drop-down menu to select columns that you'd like to show or hide. - -From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. - -Pending actions are grouped together in the following tabs: -- Quarantine file -- Remove persistence -- Stop process -- Expand pivot -- Quarantine service - ->[!NOTE] ->The tab will only appear if there are pending actions for that category. - -### Approve or reject an action -You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed. - -Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. - -![Image of pending action selected](images/atp-pending-actions-file.png) - -From the panel, you can click on the Open investigation page link to see the investigation details. - -You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. - ## Related topic - [Investigate Microsoft Defender ATP alerts](investigate-alerts.md) +- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) From 0e5cacdc262bee2fe7838e0011d47cc2d9d858df Mon Sep 17 00:00:00 2001 From: jcaparas Date: Fri, 21 Jun 2019 13:55:10 -0700 Subject: [PATCH 3/3] space --- .../auto-investigation-action-center.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index 1527dff194..8945fc0931 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -49,6 +49,6 @@ From the panel, you can click on the Open investigation page link to see the inv You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. -##Related topics +## Related topics - [Automated investigation and investigation](automated-investigations.md) -- [Learn about the automated investigations dashboard](manage-auto-investigation.md) \ No newline at end of file +- [Learn about the automated investigations dashboard](manage-auto-investigation.md)