Merge pull request #3563 from MicrosoftDocs/macky-incidentname2

Updated incident name feature
Tina Burden 2020-08-18 08:10:18 -07:00 committed by GitHub
commit d1cc2dbfac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 8 deletions


@ -34,13 +34,13 @@ Selecting an incident from the **Incidents queue** brings up the **Incident mana
You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress. You can assign incidents to yourself, change the status and classification, rename, or comment on them to keep track of their progress.
> [!TIP] > [!TIP]
> For additional visibility at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident. > For additional visibility at a glance, incident names are automatically generated based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. This allows you to quickly understand the scope of the incident.
> >
> For example: *Multi-stage incident on multiple endpoints reported by multiple sources.* > For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
> >
> Incidents that existed prior the rollout of automatic incident naming will not have their name changed. > Incidents that existed prior the rollout of automatic incident naming will retain their names.
> >
> Learn more about [turning on preview features](preview.md#turn-on-preview-features).
![Image of incident detail page](images/atp-incident-details-updated.png) ![Image of incident detail page](images/atp-incident-details-updated.png)
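Review bot: In the last sentence of the TIP, the rewritten line keeps "prior the rollout", which is missing "to"; since the sentence is being changed anyway, make it "Incidents that existed prior to the rollout of automatic incident naming will retain their names." With the "currently in public preview" wording and the preview.md link both removed, it is also worth checking that nothing else in this file still describes automatic naming as a preview feature.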


@ -49,7 +49,7 @@ Incident severity | Description
High </br>(Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on devices. High </br>(Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on devices.
Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages. Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization. Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
Informational </br>(Grey) | Informational incidents are those that might not be considered harmful to the network but might be good to keep track of. Informational </br>(Grey) | Informational incidents might not be considered harmful to the network but might be good to keep track of.
## Assigned to ## Assigned to
You can choose to filter the list by selecting assigned to anyone or ones that are assigned to you. You can choose to filter the list by selecting assigned to anyone or ones that are assigned to you.
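Review bot: The rewritten Informational row still uses "might" twice and ends on "keep track of", so it reads more loosely than the High, Medium and Low rows above it; something like "Informational incidents may not be harmful to the network but are worth tracking" would sit in parallel with them. While this table is being touched, the `</br>` in each severity cell is not a valid tag and should be `<br>` or `<br/>`.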
@ -65,16 +65,15 @@ Use this filter to show incidents that contain sensitivity labels.
## Incident naming ## Incident naming
To understand the incident's scope at-a-glance, automatic incident naming, currently in public preview, generates incident names based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. To understand the incident's scope at a glance, incident names are automatically generated based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories.
For example: *Multi-stage incident on multiple endpoints reported by multiple sources.* For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
> [!NOTE] > [!NOTE]
> Incidents that existed prior the rollout of automatic incident naming will not have their name changed. > Incidents that existed prior the rollout of automatic incident naming will retain their name.
Learn more about [turning on preview features](preview.md#turn-on-preview-features).
## Related topics ## See also
- [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) - [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue)
- [Manage incidents](manage-incidents.md) - [Manage incidents](manage-incidents.md)
- [Investigate incidents](investigate-incidents.md) - [Investigate incidents](investigate-incidents.md)
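Review bot: The NOTE under "Incident naming" now ends "will retain their name" (singular) while the matching TIP in the other changed file ends "will retain their names"; use one form in both places, and fix "prior the rollout" to "prior to the rollout" here as well. The heading rename from "Related topics" to "See also" is unrelated to the incident-name update the commit message describes, so it should either be mentioned there or go in a separate change.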