Incidents in Windows Defender ATP
When a cybersecurity threat is emerging, or a potential attacker is deploying their tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP quickly triggers alerts and launches matching automatic investigations.
Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate the broader story of an attack, providing you with the right visuals (the upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
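To make the correlation idea concrete, here is an added illustration that is not part of this page and not Windows Defender ATP's own logic: a toy correlator that groups alerts into incidents whenever two alerts touch a shared entity (a device, a user account, or a file hash), so that a chain of alerts across several machines ends up in one incident while an unrelated alert stays on its own. The alert records, entity names and hash values are constructed placeholders; the exact analytics ATP uses are an assumption here, modelled simply as transitive entity overlap.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed sample alerts (placeholder data, not real Windows Defender ATP
# output). Each alert lists the entities it touches so that alerts sharing a
# device, user or file can be linked into one incident.
SAMPLE_ALERTS: List[Dict] = [
    {"id": "A1", "title": "Suspicious PowerShell download",
     "entities": {"device:WS01", "user:contoso\\alice"}},
    {"id": "A2", "title": "Credential theft tool observed",
     "entities": {"device:WS01", "file:sha1-PLACEHOLDER-1"}},
    {"id": "A3", "title": "Lateral movement over SMB",
     "entities": {"device:WS01", "device:SRV02"}},
    {"id": "A4", "title": "Unusual logon",
     "entities": {"device:SRV02", "user:contoso\\svc-backup"}},
    {"id": "A5", "title": "Malware detected",
     "entities": {"device:WS17", "file:sha1-PLACEHOLDER-2"}},
]


class _DisjointSet:
    """Minimal union-find used to merge alerts that share an entity."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate_alerts(alerts: List[Dict]) -> List[Dict]:
    """Group alerts into incidents by transitive entity overlap.

    Two alerts land in the same incident if they share an entity directly or
    through a chain of other alerts (A1-WS01-A3-SRV02-A4). Returns incidents in
    the order their first alert appeared, with sorted alert ids and the union
    of all entities involved, which is what an incident graph would draw.
    """
    ds = _DisjointSet()
    first_alert_for_entity: Dict[str, str] = {}
    for alert in alerts:
        ds.find(alert["id"])  # register the alert even if it shares nothing
        for entity in alert["entities"]:
            if entity in first_alert_for_entity:
                ds.union(first_alert_for_entity[entity], alert["id"])
            else:
                first_alert_for_entity[entity] = alert["id"]

    groups: Dict[str, List[Dict]] = defaultdict(list)
    for alert in alerts:
        groups[ds.find(alert["id"])].append(alert)

    incidents = []
    for n, members in enumerate(groups.values(), start=1):
        incidents.append({
            "incident_id": f"INC-{n}",
            "alert_ids": sorted(a["id"] for a in members),
            "entities": sorted(set().union(*(a["entities"] for a in members))),
        })
    return incidents


def cross_device_incidents(incidents: List[Dict]) -> List[str]:
    """Ids of incidents that span more than one device: the cross-entity
    cases that are hardest to see from individual alerts."""
    return [
        inc["incident_id"] for inc in incidents
        if sum(e.startswith("device:") for e in inc["entities"]) > 1
    ]


if __name__ == "__main__":
    for inc in correlate_alerts(SAMPLE_ALERTS):
        print(inc["incident_id"], inc["alert_ids"], inc["entities"])
    print("cross-device:", cross_device_incidents(correlate_alerts(SAMPLE_ALERTS)))
```

Running the script groups A1 through A4 into one incident (they chain through WS01 and SRV02) and leaves A5 by itself, which is the difference between reading five alerts and reading one attack story plus one isolated detection.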
In this section
| Topic | Description |
|---|---|
| View and organize the Incidents queue | See the list of incidents and learn how to apply filters to limit the list and get a more focused view. |
| Manage incidents | Learn how to manage incidents by assigning them, updating their status, setting their classification, and other actions. |
| Investigate incidents | See associated alerts, manage the incident, and use alert metadata and visualizations to help you investigate an incident. |