From ba9252360db964a402d8852b31aefa99f0d68795 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 6 Apr 2018 15:01:40 -0700 Subject: [PATCH] explain status ring --- ...ns-windows-defender-advanced-threat-protection.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index 4c53ce82a3..90354b0277 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -141,16 +141,18 @@ In this view, you'll see the name of the investigation, when it started and ende ![Image of investigation details window](images/atp-analyze-auto-ir.png) -The upper right corner shows that the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds. - -The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval. +The progress ring shows two status indicators: +- Orange ring - shows the pending portion of the investigation +- Green ring - shows the running time portion of the investigation ![Image of start, end, and pending time for an automated investigation](images/atp-auto-investigation-pending.png) +In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds. + +The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval. + From this view, you can also view and add comments and tags about the investigation. - - ### Investigation page The investigation page gives you a quick summary on the status, alert severity, category, and detection source.