From 9e0135d6f6a59131cb024d703f52e3a92b8f46bb Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:25:45 -0800
Subject: [PATCH] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md       | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 573573fee3..eb27f493c0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -195,11 +195,16 @@ Your security team can classify an alert as a false positive in the Microsoft De
 4. In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
 
 > [!TIP]
-> For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
+> - For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
+> - If your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. 
 
 ## Submit a file for analysis
 
-*https://www.microsoft.com/wdsi/filesubmission/*
+You can submit files, such as false positives or false negatives, to Microsoft for analysis. Microsoft security researchers analyze all submissions. 
+
+1. Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
+
+2. Visit the Microsoft Security Intelligence submission site at [https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission), and submit your file(s).
 
 ## Confirm your software uses EV code signing