update alerts queue page

Joey Caparas 2017-05-16 14:56:33 -07:00
parent 81d1d2e71e
commit db02c13be2
4 changed files with 24 additions and 20 deletions

@ -35,19 +35,23 @@ To see a list of alerts, click any of the queues under the **Alerts queue** opti
> [!NOTE]
> By default, alerts in the queues are sorted from newest to oldest.
## Sort and filter the alerts
![Image of alerts queue](images/atp-alertsq2.png)
## Sort, filter, and group the alerts list
You can sort and filter the alerts using the available filters or clicking on a column's header that will sort the view in ascending or descending order.
![Alerts queue with numbers](images/alerts-queue-numbered.png)
**Time period**</br>
- 1 day
- 3 days
- 7 days
- 30 days
- 6 months
Highlighted area|Area name|Description
:---|:---|:---
1 | Alert filters | Filter the list of alerts by severity, detection source, time period, or change the view from flat to grouped.
2 | Alert selected | Select an alert to bring up the **Alert management** pane to manage and see details about the alert.
3 | Alert management pane | View and manage alerts without leaving the alerts queue view.
### Sort, filter, and group the alerts list
You can use the following filters to limit the list of alerts displayed during an investigation:
**OS Platform**<br>
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Other
**Severity**</br>
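Review bot: The new H2 "## Sort, filter, and group the alerts list" and the new H3 "### Sort, filter, and group the alerts list" in this hunk carry identical text, which produces duplicate anchors and two indistinguishable TOC entries; give the H3 a narrower title (for example "### Available filters", since it only introduces the filter lists) or drop the H2 and keep the original "## Sort and filter the alerts". The line-break markup is also inconsistent within the hunk: "**Time period**</br>" uses an invalid closing-tag form while "**OS Platform**<br>" uses the correct "<br>"; normalize to "<br>" throughout, including the "**Severity**</br>" context line.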
@ -67,22 +71,17 @@ Reviewing the various alerts and their severity can help you decide on the appro
>[!NOTE]
>The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product.
**Time period**</br>
- 1 day
- 3 days
- 7 days
- 30 days
- 6 months
**View**</br>
- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
- **Grouped view** - Groups alerts by alert ID, file hash, malware family, or other attribute to enable more efficient alert triage and management. Alert grouping reduces the number of rows in the queue by aggregating similar alerts together.
The grouped view allows efficient alert triage and management.
The grouped view allows for efficient alert triage and management.
### Use the Alert management pane
Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert.
![Image of an alert selected](images/atp-alerts-selected.png)
You can take immediate action on an alert and see details about an alert in the **Alert management** pane:
- Change the status of an alert from new, to in progress, or resolved.
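Review bot: The standalone sentence "The grouped view allows for efficient alert triage and management." restates the "**Grouped view**" bullet immediately above it, which already says grouping is there "to enable more efficient alert triage and management"; drop the sentence rather than rewording it from "allows efficient" to "allows for efficient". The "**View**</br>" line repeats the invalid "</br>" form; use "<br>" to match the other filter headings.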
@ -101,6 +100,11 @@ You can take immediate action on an alert and see details about an alert in the
>[!NOTE]
>You can also access the **Alert management** pane from the machine details view by selecting an alert in the **Alerts related to this machine** section.
### Use the User details pane
Selecting a user brings up the **User details** pane where you can see information such as machine details, related alerts, last IP address, when the machine was first and last seen reporting to the service, and information on the logged on users.
![Alerts queue with numbers](images/atp-alerts-queue-user.png)
### Bulk edit alerts
Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together, which allows resolving multiple similar alerts in one action.
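Review bot: The new "User details" pane paragraph describes mostly machine-level information ("machine details, ... when the machine was first and last seen reporting to the service") for a pane that opens when a user is selected; confirm the list against the actual pane and lead with the user-level items (related alerts, logged on users) so the reader knows which entity the data belongs to. The new image "images/atp-alerts-queue-user.png" reuses the alt text "Alerts queue with numbers" from the numbered screenshot in the first hunk; replace it with alt text that describes this image, for example "Image of the User details pane".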
@ -112,8 +116,8 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
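Review bot: The two link titles are renamed from "Machines list" to "Machines view" while the targets (machines-view-overview-... and investigate-machines-...) are unchanged; verify that the renamed text matches the current H1 of those two topics and that no other topic in the set still refers to the "Machines list", otherwise the related-topics sections drift out of sync across pages.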

Binary file not shown (added, 84 KiB).

Binary file not shown (added, 87 KiB).

Binary file not shown (added, 80 KiB).