alert content updates

Joey Caparas 2017-02-06 14:07:44 -08:00
parent db11efe217
commit e09b794d59
3 changed files with 12 additions and 3 deletions

Binary file not shown. Before: 39 KiB. After: 105 KiB.

Binary file not shown. After: 2.0 KiB.


@ -27,12 +27,12 @@ You can click an alert in any of the [alert queues](alerts-queue-windows-defende
Alerts attributed to an adversary or actor display a colored tile with the actor name.
![A detailed view of an alert when clicked](images/alert-details.png)
Click on the actor's name to see a threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, tools, tactics, and processes (TTPs) as well as areas where it's active worldwide. You will also see a set of recommended actions to take.
Some actor profiles include a link to download a more comprehensive threat intelligence report.
![A detailed view of an alert when clicked](images/alert-details.png)
## Alert process tree
The **Alert process tree** takes alert triage and investigation to the next level by displaying the alert and its evidence with other events that occurred in the same execution context and time. This broad triage context of the alert and surrounding events is available on the alert page.
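Review bot: In the line beginning "Click on the actor's name", TTPs is expanded as "tools, tactics, and processes", but the standard expansion is "tactics, techniques, and procedures"; since this paragraph is being touched anyway, please correct it, and make the pronoun consistent ("their interests or targets" versus "areas where it's active"). The image line `![A detailed view of an alert when clicked](images/alert-details.png)` also shows up both before and after the actor paragraph in this hunk, so confirm that only one copy remains in the final file and that its alt text still describes what the screenshot shows at its new position.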
@ -40,11 +40,20 @@ The **Alert process tree** takes alert triage and investigation to the next leve
The alert process tree expands to display the execution path of the alert, its evidence, and related events that occurred in proximity - before and after - the alert.
Youll see markers (thunderbolt icon) that indicate related events.
Youll see markers ![Image of thunderbolt icon](images/atp-thunderbolt-icon.png)that indicate related events. These icons also indicate the events that triggered the alert.
>[!NOTE]
>The alert process tree might not be available in some alerts.
Selecting an indicator within the alert process tree brings up the **Alert details** pane where you can take a deeper look at the details about the alert.
You can take the following management actions on an alert from the **Alert management** pane:
## Incident graph
The incident graph provides a visual representation of where an alert was seen, events that triggered the alert, and which other machines are affected by the event. It provides an illustrated alert footprint on the original machine and expands to show the footprint of each alert event on other machines.
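Review bot: The new markers line runs the image straight into the next word, `(images/atp-thunderbolt-icon.png)that indicate related events`, so the icon will render glued to "that"; add a space after the closing parenthesis, and restore the apostrophe in "Youll" while you are there. Separately, the sentence "You can take the following management actions on an alert from the **Alert management** pane:" ends in a colon and is followed directly by the "## Incident graph" heading with no list in the visible lines; either add the list of actions or drop the sentence. The note says the process tree "might not be available in some alerts"; a short statement of when that is the case would help analysts who rely on the tree during triage.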