From d50829cb320d38c7231481b1a4cce25d52e314b7 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Sep 2019 15:26:30 -0700 Subject: [PATCH] add mitre techniques --- .../microsoft-defender-atp/alerts-queue.md | 6 ++++++ .../microsoft-defender-atp/investigate-alerts.md | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index fe3c249332..b64e2b0aac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -87,6 +87,7 @@ The table below lists the current categories and how they generally map to previ | Suspicious activity | General, None, NotApplicable, EnterprisePolicy, SuspiciousNetworkTraffic | Atypicaly activity that could be malware activity or part of an attack | | Unwanted software | UnwantedSoftware | Low-reputation apps and apps that impact productivity and the user experience; detected as potentially unwanted applications (PUAs) | + ### Status You can choose to limit the list of alerts based on their status. @@ -115,6 +116,11 @@ If you have specific machine groups that you're interested in checking the alert ### Associated threat Use this filter to focus on alerts that are related to high profile threats. You can see the full list of high-profile threats in [Threat analytics](threat-analytics.md). + + + + + ## Related topics - [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md) - [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index fc412ef07c..b3ada6226a 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -32,7 +32,11 @@ Investigate alerts that are affecting your network, understand what they mean, a Click an alert to see the alert details view and the various tiles that provide information about the alert. -You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them. You'll also see a status of the automated investigation on the upper right corner. Clicking on the link will take you to the Automated investigations view. For more information, see [Automated investigations](automated-investigations.md). +From the alert details view, you can manage an alert and see alert data such as severity, category, technique, along with other information that can help you make better decisions on how to approach them. + +The techniques reflected in the card are based on [MITRE enterprise techniques](https://attack.mitre.org/techniques/enterprise/). + +You'll also see a status of the automated investigation on the upper right corner. Clicking on the link will take you to the Automated investigations view. For more information, see [Automated investigations](automated-investigations.md). ![Image of the alert page](images/atp-alert-view.png)
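Review bot: In the first alerts-queue.md hunk (`@@ -87,6 +87,7 @@`), the only change is an added blank line before `### Status`, which adds nothing visible in rendered Markdown; if the intent of "add mitre techniques" was to document the new technique data in this table or filter list, that content is missing here. While touching this region, the unchanged context line `| Suspicious activity | ... | Atypicaly activity that could be malware activity or part of an attack |` has a typo that should read `Atypical activity`.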
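Review bot: The second alerts-queue.md hunk (`@@ -115,6 +116,11 @@`) inserts five empty lines between the "Associated threat" filter text and `## Related topics` and no other content, which reads like a placeholder left in by mistake; either drop the blank lines or add the intended section (for example, a filter description for the technique field that the investigate-alerts.md change in this same patch introduces), and a single blank line before the heading is enough for Markdown.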
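Review bot: In the investigate-alerts.md hunk (`@@ -32,7 +32,11 @@`), the added sentence "see alert data such as severity, category, technique, along with other information that can help you make better decisions on how to approach them" has a stray comma before "along" and a number mismatch ("an alert" ... "them"); suggest "see alert data such as severity, category, and technique, along with other information that can help you decide how to approach it." The following line, "The techniques reflected in the card are based on [MITRE enterprise techniques](...)", refers to "the card" without naming it; say which tile in the alert details view shows the technique so readers know where to look, and consider noting that the linked MITRE page lists technique IDs, since readers will want to map what the card shows back to that list.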