diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 95ec10fff4..186792cda1 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -741,17 +741,21 @@
 ##### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree)
 ##### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph)
 ##### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline)
-#### [Consume alerts and create custom indicators](configure-siem-windows-defender-advanced-threat-protection.md)
+#### [Consume alerts and create custom threat intelligence](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md)
 ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
 ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+###### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Create custom threat intelligence using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
 #### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 #### [Machines view overview](machines-view-overview-windows-defender-advanced-threat-protection.md)
 #### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+##### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts)
+##### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+##### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+##### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
 #### [Respond to machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
 ##### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
 ##### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation)