deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated manage-incidents-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Dolcita Montemayor
2018-08-27 06:14:29 +00:00
parent 526ed80cbb
commit 732f117a0b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
View File

@ -38,10 +38,10 @@ You can categorize incidents (as **Active**, or **Resolved**) by changing their
For example, your SoC analyst can review the urgent **Active** incidents for the day, and decide to assign them to himself for investigation.
Alternatively, your SoC analyst might assign the incident as **Resolved** if the incident has been remediated.
Alternatively, your SoC analyst might set the incident as **Resolved** if the incident has been remediated.
## Classify the incident
You can choose not to set a classification, or decide to specify whether an incident is a true or false. Doing so helps the team see patterns and learn from them.
You can choose not to set a classification, or decide to specify whether an incident is true or false. Doing so helps the team see patterns and learn from them.
## Rename incident
By default, incidents are assigned with numbers. You can rename the incident if your organization uses a naming convention for easier cybersecurity threat identification.