From 0ec2e2a1f59979681c041064f7a400698a4690cd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 Jan 2019 14:31:46 -0800 Subject: [PATCH 1/2] move incident from preview, update alerts list --- .../windows-defender-atp/incidents-queue.md | 3 +-- ...-incidents-windows-defender-advanced-threat-protection.md | 2 +- .../preview-windows-defender-advanced-threat-protection.md | 5 ----- .../whats-new-in-windows-defender-atp.md | 3 +++ 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md index 01abcc2317..ff6360dbe3 100644 --- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md +++ b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md @@ -11,10 +11,9 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 10/08/2018 --- -# Incidents queue in Windows Defender ATP +# Incidents in Windows Defender ATP **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md index 464c9131b9..f649b97c7b 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md @@ -11,7 +11,6 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 10/08/2018 --- # Investigate incidents in Windows Defender ATP 
@@ -36,6 +35,7 @@ Alerts are grouped into incidents based on the following reasons: - Manual association - A user manually linked the alerts - Proximate time - The alerts were triggered on the same machine within a certain timeframe - Same file - The files associated with the alert are exactly the same +- Same URL - The URL that triggered the alert is exactly the same ![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-tooltip.png) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index f0d5d23e2f..10b8cd3d81 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -42,11 +42,6 @@ The following features are included in the preview release: - [Information protection](information-protection-in-windows-overview.md)
Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. - -- [Incidents](incidents-queue.md)
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. - - - [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md)
Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 7557ed0cfe..f6bcee92a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -20,6 +20,9 @@ ms.localizationpriority: medium Here are the new features in the latest release of Windows Defender ATP. ## Windows Defender ATP 1809 +- [Incidents](incidents-queue.md)
+Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. + - [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)
Support for iOS and Android devices are now supported. - [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
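Review bot: in the incidents-queue.md hunk, dropping `ms.date: 10/08/2018` here (and in the first investigate-incidents hunk) while manage-incidents and view-incidents-queue keep their `ms.date` leaves the four incident topics inconsistent on whether they carry a date; either remove it from all four or keep it on all four. The heading rename from `# Incidents queue in Windows Defender ATP` to `# Incidents in Windows Defender ATP` also needs the front-matter `title:` above the hunk checked so that the page title and the H1 match.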
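Review bot: in the investigate-incidents hunk that adds `+- Same URL - The URL that triggered the alert is exactly the same`, the list of linking reasons grows to five, but the image directly below it (`images/atp-incidents-alerts-tooltip.png`, the "Linked by" tool tip) is unchanged; if that screenshot enumerates the linking reasons it should be refreshed with the patch, otherwise readers will see a tool tip that no longer matches the list.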
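Review bot: the preview-windows-defender-advanced-threat-protection.md hunk removes the blank line before the deleted `- [Incidents](incidents-queue.md)` bullet together with the two blank lines after its paragraph, so after the change the Information protection paragraph is followed immediately by `- [Integration with Microsoft Cloud App Security](...)` with no separating blank line, unlike the other entries in this list; keep one blank line between the two so the list renders and reads the same as its neighbours.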
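Review bot: the whats-new-in-windows-defender-atp.md hunk copies the Incidents description verbatim from the preview page, including the parenthetical "(upgraded incident graph)", which describes a change relative to the preview rather than the released feature a "what's new" reader is looking at; consider rewording the sentence for someone who never saw the preview, and confirm that Incidents belongs under `## Windows Defender ATP 1809` rather than a later release section, since the surrounding text gives no release note for it.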
From d3c912f4f7277ee441467fcea95375209d47677a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 Jan 2019 14:38:02 -0800 Subject: [PATCH 2/2] remove pre-release blurbs for incident topics --- .../threat-protection/windows-defender-atp/incidents-queue.md | 1 - ...te-incidents-windows-defender-advanced-threat-protection.md | 1 - ...ge-incidents-windows-defender-advanced-threat-protection.md | 3 --- .../windows-defender-atp/view-incidents-queue.md | 1 - 4 files changed, 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md index ff6360dbe3..70fe1e5761 100644 --- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md +++ b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md @@ -17,7 +17,6 @@ ms.localizationpriority: medium **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -[!include[Prerelease information](prerelease.md)] When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations. diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md index f649b97c7b..5db8fd9149 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md 
@@ -18,7 +18,6 @@ ms.localizationpriority: medium **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -[!include[Prerelease information](prerelease.md)] Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them. diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md index 83a65ee991..60e5f71d42 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md @@ -19,9 +19,6 @@ ms.date: 010/08/2018 **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -[!include[Prerelease information](prerelease.md)] - - Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress. ![Image of the incidents management pane](images/atp-incidents-mgt-pane.png) diff --git a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md index 7ecf9f1fda..e2549576d7 100644 --- a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md +++ b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md 
@@ -18,7 +18,6 @@ ms.date: 10/08/2018 **Applies to:** - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -[!include[Prerelease information](prerelease.md)] The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
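Review bot: the manage-incidents-windows-defender-advanced-threat-protection.md hunk's header context shows `ms.date: 010/08/2018`, a malformed date with a three-digit month; since this file is already being touched to drop `[!include[Prerelease information](prerelease.md)]`, fix the value in the same change, or remove `ms.date` as patch 1 did for incidents-queue.md and investigate-incidents, so the front matter of the four incident topics is handled consistently.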
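Review bot: in the view-incidents-queue.md hunk (and the incidents-queue.md and investigate-incidents hunks above it), removing the `[!include[Prerelease information](prerelease.md)]` line is the only change, which is correct for a feature moved out of preview, but the hunks leave a blank line on each side of the removed include; check the result renders with a single blank line between the "Applies to" bullet and the opening paragraph rather than a double one, and grep for any other page that still includes `prerelease.md` for these incident topics so no preview banner survives elsewhere.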