From 732f117a0bcf3be40da560bfcca294bb1e9d7922 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Mon, 27 Aug 2018 06:14:29 +0000 Subject: [PATCH] Updated manage-incidents-windows-defender-advanced-threat-protection.md --- ...e-incidents-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md index 83dc1dd39b..3c6199ece0 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md @@ -38,10 +38,10 @@ You can categorize incidents (as **Active**, or **Resolved**) by changing their For example, your SoC analyst can review the urgent **Active** incidents for the day, and decide to assign them to himself for investigation. -Alternatively, your SoC analyst might assign the incident as **Resolved** if the incident has been remediated. +Alternatively, your SoC analyst might set the incident as **Resolved** if the incident has been remediated. ## Classify the incident -You can choose not to set a classification, or decide to specify whether an incident is a true or false. Doing so helps the team see patterns and learn from them. +You can choose not to set a classification, or decide to specify whether an incident is true or false. Doing so helps the team see patterns and learn from them. ## Rename incident By default, incidents are assigned with numbers. You can rename the incident if your organization uses a naming convention for easier cybersecurity threat identification.