articles/sentinel/investigate-incidents.md
6 additions & 7 deletions
@@ -75,13 +75,12 @@ The rest of the incident details page is divided into two tabs, **Overview** and
75
75
76
76
The **Overview** tab contains the following widgets, each of which represents an essential objective of your investigation.
77
77
78
-
- The **Incident timeline** widget shows you the timeline of alerts and [bookmarks](bookmarks.md) in the incident, which can help you reconstruct the timeline of attacker activity. Select an individual item to see all of its details, enabling you to drill down further. For more information, see [Reconstruct the timeline of attacker activity](#reconstruct-the-timeline-of-attacker-activity).
79
-
80
-
- In the **Similar incidents** widget, you see a collection of up to 20 other incidents that most closely resemble the current incident. This allows you to view the incident in a larger context and helps direct your investigation. For more information, see [Check for similar incidents in your environment](#check-for-similar-incidents-in-your-environment).
81
-
82
-
- The **Entities** widget shows you all the [entities](entities.md) that have been identified in the alerts. These are the objects that played a role in the incident, whether they be users, devices, addresses, files, or [any other types](./entities-reference.md). Select an entity to see its full details, which are displayed in the **Entities tab**. For more information, see [Explore the incident's entities](#explore-the-incidents-entities).
83
-
84
-
- Finally, in the **Top insights** widget, you see a collection of results of queries defined by Microsoft security researchers that provide valuable and contextual security information on all the entities in the incident, based on data from a collection of sources. For more information, see [Get the top insights into your incident](#get-the-top-insights-into-your-incident).
|**Incident timeline**| The **Incident timeline** widget shows you the timeline of alerts and [bookmarks](bookmarks.md) in the incident, which can help you reconstruct the timeline of attacker activity. Select an individual item to see all of its details, enabling you to drill down further. For more information, see [Reconstruct the timeline of attacker activity](#reconstruct-the-timeline-of-attacker-activity). |
81
+
|**Similar incidents**| In the **Similar incidents** widget, you see a collection of up to 20 other incidents that most closely resemble the current incident. This allows you to view the incident in a larger context and helps direct your investigation. For more information, see [Check for similar incidents in your environment](#check-for-similar-incidents-in-your-environment). |
82
+
|**Entities**| The **Entities** widget shows you all the [entities](entities.md) that have been identified in the alerts. These are the objects that played a role in the incident, whether they be users, devices, addresses, files, or [any other types](./entities-reference.md). Select an entity to see its full details, which are displayed in the **Entities tab**. For more information, see [Explore the incident's entities](#explore-the-incidents-entities).|
83
+
|**Top insights**| In the **Top insights** widget, you see a collection of results of queries defined by Microsoft security researchers that provide valuable and contextual security information on all the entities in the incident, based on data from a collection of sources. For more information, see [Get the top insights into your incident](#get-the-top-insights-into-your-incident).|
85
84
86
85
The **Entities** tab shows you the complete list of entities in the incident, which are also shown in the **Entities** widget on the **Overview** page. When you select an entity in the widget, you're directed here to see the entity's full dossier—its identifying information, a timeline of its activity (both within and outside the incident), and the full set of insights about the entity, just as you would see in its full entity page, but limited to the time frame appropriate to the incident.
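Review bot: In the four added table rows, the description cells are the old bullet text carried over unchanged, so the **Top insights** row still opens with "Finally, in the **Top insights** widget" and every row restates the widget name that the first column now carries. Suggest dropping "Finally," and starting each cell with the action (for example, "Shows the timeline of alerts and bookmarks in the incident ..."). Two smaller style points in the same rows: the **Incident timeline** and **Similar incidents** rows end with a space before the closing pipe while the **Entities** and **Top insights** rows end with `).|`, and the **Entities** row keeps the bolding `**Entities tab**` where the unchanged paragraph after the table writes `**Entities** tab`.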