diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index c42b1ba141..ff01ada28a 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -276,7 +276,7 @@ Field numbers match the numbers in the images below. ![Image of alert details pane with numbers](images/atp-siem-mapping13.png) -![Image of alert timeline with numbers](images/atp-siem-mapping3.png) +![Image of artifact timeline with numbers](images/atp-siem-mapping3.png) ![Image of alert timeline with numbers](images/atp-siem-mapping4.png) diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png index f162f21b1b..1918156dc2 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png index 8dcfa06ea0..191941085d 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png and b/windows/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png differ diff --git a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index d53e025d1a..48efd166c7 100644 
--- a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -30,7 +30,7 @@ The alert context tile shows the where, who, and when context of the alert. As w For more information about managing alerts, see [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md). -The alert details page also shows the alert process tree, an incident graph, and an alert timeline. +The alert details page also shows the alert process tree, an incident graph, and an artifact timeline. You can click on the machine link from the alert view to navigate to the machine. The alert will be highlighted automatically, and the timeline will display the appearance of the alert and its evidence in the **Machine timeline**. If the alert appeared more than once on the machine, the latest occurrence will be displayed in the **Machine timeline**. 
@@ -77,10 +77,10 @@ The **Incident Graph** expansion by destination IP Address, shows the organizati You can click the full circles on the incident graph to expand the nodes and view the expansion to other machines where the matching criteria were observed. -## Alert timeline -The **Alert timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert. +## Artifact timeline +The **Artifact timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert. -![Image of alert timeline](images/atp-alert-timeline.png) +![Image of artifact timeline](images/atp-alert-timeline.png) Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization. diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 7d46d4d4bf..efb9f88b2b 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md 
@@ -42,7 +42,7 @@ The action takes effect on machines with the latest Windows 10, version 1703 whe ### Stop and quarantine files 1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box: - - **Alerts** - click the corresponding links from the Description or Details in the Alert timeline + - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline - **Search box** - select File from the drop–down menu and enter the file name 2. Open the **Actions menu** and select **Stop and Quarantine File**. @@ -135,7 +135,7 @@ For prevalent files in the organization, a warning is shown before an action is ### Remove file from blocked list 1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box: - - **Alerts** - Click the file links from the Description or Details in the Alert timeline
+ - **Alerts** - Click the file links from the Description or Details in the Artifact timeline
- **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
- **Search box** - Select File from the drop–down menu and enter the file name @@ -180,7 +180,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure **Submit files for deep analysis:** 1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
- - Alerts - click the file links from the **Description** or **Details** in the Alert timeline
+ - Alerts - click the file links from the **Description** or **Details** in the Artifact timeline
- **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
- Search box - select **File** from the drop–down menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**.
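Review bot: In the api-portal-mapping hunk only the first timeline image is relabelled; the unchanged line directly below it, `![Image of alert timeline with numbers](images/atp-siem-mapping4.png)`, still reads "alert timeline". If atp-siem-mapping4.png shows the same renamed view, change its alt text in this commit too so the numbered-field mapping does not describe one view under two names; if it shows a different view, say which.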
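Review bot: The rewritten heading line in the investigate-alerts `@@ -77,10` hunk carries over the pre-existing typo "provides an addition view"; since the line is already being touched for the rename, correct it to "provides an additional view" here. The image path `images/atp-alert-timeline.png` keeps the old name while its binary is replaced, which is fine for a rename of display text, but note it in the commit message so the mismatch between file name and alt text is intentional.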
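Review bot: The renames in the three respond-file-alerts hunks are consistent with the other files, but the unchanged context line for the `@@ -180,7` hunk, "Windows Defender ATP runs the file in is a secure", contains a typo ("in a secure"), and the "Alerts" bullet is bold in the first two lists but plain in the third. Both are outside the lines this change touches; flag them for a follow-up rather than widening this diff.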