deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md
Dani Halfin 8a5f22ba03 last wave of fixes for this one
2019-08-09 15:09:53 -07:00

1.9 KiB
Raw Blame History

title, ms.reviewer, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic, ms.date
title ms.reviewer description keywords search.product search.appverid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic ms.date
Alerts queue in Microsoft Defender Security Center View and manage the alerts surfaced in Microsoft Defender Security Center eADQiWindows 10XVcnh met150 w10 deploy library security macapara mjcaparas medium dansimp ITPro M365-security-compliance conceptual 09/03/2018

Alerts queue in Microsoft Defender Security Center

Learn how you can view and manage the queue so that you can effectively investigate threats seen on entities such as machines, files, or user accounts.

In this section

Topic Description
View and organize the Alerts queue Shows a list of alerts that were flagged in your network.
Manage alerts Learn about how you can manage alerts such as change its status, assign it to a security operations member, and see the history of an alert.
Investigate alerts Investigate alerts that are affecting your network, understand what they mean, and how to resolve them.
Investigate files Investigate the details of a file associated with a specific alert, behaviour, or event.
Investigate machines Investigate the details of a machine associated with a specific alert, behaviour, or event.
Investigate an IP address Examine possible communication between machines in your network and external internet protocol (IP) addresses.
Investigate a domain Investigate a domain to see if machines and servers in your network have been communicating with a known malicious domain.
Investigate a user account Identify user accounts with the most active alerts and investigate cases of potential compromised credentials.