deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Acrolinx fixes

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2020-04-17 11:59:21 -07:00
parent cdd2514612
commit dd93974f67
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
View File

@ -29,7 +29,7 @@ During and after an automated investigation, certain remediation actions can be
The action center consists of two main tabs: **Pending actions** and **History**. The action center consists of two main tabs: **Pending actions** and **History**.
- **Pending actions** Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. The Pending tab appears only if there are pending actions to be approved (or rejected). - **Pending actions** Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. The Pending tab appears only if there are pending actions to be approved (or rejected).
- **History** Acts as an audit log for all of the following: <br/> - **History** Acts as an audit log for all of the following items: <br/>
- Remediation actions that were taken as a result of an automated investigation - Remediation actions that were taken as a result of an automated investigation
- Remediation actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone) - Remediation actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone)
- Commands that were run and remediation actions that were applied in Live Response sessions (some actions can be undone) - Commands that were run and remediation actions that were applied in Live Response sessions (some actions can be undone)
@ -60,7 +60,7 @@ On the **Investigations** page, you can view details and use filters to focus on
|**Status** |(See [Automated investigation status](#automated-investigation-status)) | |**Status** |(See [Automated investigation status](#automated-investigation-status)) |
|**Triggering alert** | The alert that initiated the automated investigation | |**Triggering alert** | The alert that initiated the automated investigation |
|**Detection source** |The source of the alert that initiated the automated investigation. | |**Detection source** |The source of the alert that initiated the automated investigation. |
|**Entities** | These can include device or machines, and machine groups. You can filter the automated investigations list to zone in a specific machine to see other investigations related to the machine, or to see specific machine groups that you might have created. | |**Entities** | Entities can include device or machines, and machine groups. You can filter the automated investigations list to zone in a specific machine to see other investigations related to the machine, or to see specific machine groups that you might have created. |
|**Threat** |The category of threat detected during the automated investigation. | |**Threat** |The category of threat detected during the automated investigation. |
|**Tags** |Filter using manually added tags that capture the context of an automated investigation.| |**Tags** |Filter using manually added tags that capture the context of an automated investigation.|
|**Comments** |Select between filtering the list between automated investigations that have comments and those that don't.| |**Comments** |Select between filtering the list between automated investigations that have comments and those that don't.|

2
windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
View File

@ -46,7 +46,7 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and
3. Review any items on the **Pending** tab. 3. Review any items on the **Pending** tab.
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details. Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details.
You can also select multiple investigations to approve or reject actions on multiple investigations. You can also select multiple investigations to approve or reject actions on multiple investigations.