mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 13:23:36 +00:00
AIR content updates
This commit is contained in:
Denise Vangel-MSFT
@ -18,7 +18,6 @@ ms.topic: article
|
|||||||
|
|
||||||
# View details and results of automated investigations
|
# View details and results of automated investigations
|
||||||
|
|
||||||
When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *Clean*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team.
|
|
||||||
|
|
||||||
Pending and completed actions are listed in the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and the Investigations list ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)).
|
Pending and completed actions are listed in the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and the Investigations list ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)).
|
||||||
|
|
||||||
|
|||||||
@ -23,17 +23,29 @@ When an automated investigation runs, a verdict is generated for each piece of e
|
|||||||
|
|
||||||
As a best practice, make sure to approve (or reject) pending actions as soon as possible. This helps your automated investigations complete in a timely manner.
|
As a best practice, make sure to approve (or reject) pending actions as soon as possible. This helps your automated investigations complete in a timely manner.
|
||||||
|
|
||||||
1.
|
## Review pending actions
|
||||||
|
|
||||||
|
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. This takes you to your Security dashboard.
|
||||||
|
|
||||||
|
2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**.
|
||||||
|
|
||||||
|
3. Review any items on the **Pending** tab.
|
||||||
|
|
||||||
|
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details.
|
||||||
|
|
||||||
|
You can also select multiple investigations to approve or reject actions on multiple investigations.
|
||||||
|
|
||||||
|
|
||||||
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
|
|
||||||
|
|
||||||
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
|
## Review completed actions
|
||||||
|
|
||||||
From the panel, you can click on the Open investigation page link to see the investigation details.
|
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. This takes you to your Security dashboard.
|
||||||
|
|
||||||
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
|
2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**.
|
||||||
|
|
||||||
|
3. Select the **History** tab. (If need be, expand the time period to display more data.)
|
||||||
|
|
||||||
|
4. Select an item to view more details about that remediation action.
|
||||||
|
|
||||||
## Related articles
|
## Related articles
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user