diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 3a3d3bcda1..374e888b9b 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -722,6 +722,7 @@ #### [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md) ### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) #### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) +#### [Preview features and updates](preview-windows-defender-advanced-threat-protection.md) #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) #### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) #### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) @@ -735,21 +736,53 @@ ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) -##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) ##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) ##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +###### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree) +###### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph) +###### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline) ##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) ##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) ##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) +##### [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +###### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts) +###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +##### [Investigate a user account](investigate-user-entity-windows-defender-advanced-threat-protection.md) ##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) -#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) -#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md) +#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) +##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +###### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation) +###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package) +###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) +###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) +###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) +###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +####### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) +####### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) +####### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) #### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -#### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +#### [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md) +##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) +###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) +#### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) +##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) +##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md) +##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md) +##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) +#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md) #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) #### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) #### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md)