deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update automated-investigations-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Benny Lakunishok 2018-05-02 13:30:02 +03:00 committed by GitHub
parent 1f3aeaa624
commit edf76249a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
View File

@ -36,7 +36,8 @@ The Automated investigations list shows all the investigations that have been in
## Understand the Automated investigation flow ## Understand the Automated investigation flow
### How the Automated investigation starts ### How the Automated investigation starts
Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) an Automated investigation starts. Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a *supported operating system for Automated investigation then an Automated investigation can start.
*Currently only Windows 10 version 1803 (spring creators update) and above are supported operating systems for Autoamted Investigation
The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view. The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.