defender-xdr/manage-incidents.md
Lines changed: 12 additions & 2 deletions
@@ -46,8 +46,8 @@ This article shows you how to perform various incident management tasks associat
46
46
47
47
**[Incident investigation and resolution:](#incident-investigation-and-resolution)**
48
48
49
-
-[Specify an incident's classification](#specify-the-incidents-classification).
50
49
-[Resolve an incident](#resolve-an-incident).
50
+
-[Specify an incident's classification](#specify-the-incidents-classification).
51
51
-[Add comments to an incident](#add-comments-to-an-incident).
52
52
53
53
**[Incident logging and reporting:](#incident-logging-and-reporting)**
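Review bot: On the moved line "[Specify an incident's classification](#specify-the-incidents-classification)", the link text says "an incident's" while the anchor it targets is built from "the incident's"; since the line is being touched anyway, align the link text with the heading it points to. The new order (Resolve, Specify, Add comments) should also be checked against the order of the `###` sections in the body, because only "### Resolve an incident" is visible in this diff.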
@@ -186,7 +186,11 @@ Incidents begin life with a status of **Active**. When you're working on an inci
186
186
187
187
## Incident investigation and resolution
188
188
189
-
The following management tasks are closely associated with incident resolution, though they can be performed at any time.
189
+
The following management tasks are closely associated with incident investigation and resolution, though they can be performed at any time.
190
+
191
+
-[Resolve an incident](#resolve-an-incident).
192
+
-[Specify an incident's classification](#specify-the-incidents-classification).
193
+
-[Add comments to an incident](#add-comments-to-an-incident).
190
194
191
195
### Resolve an incident
192
196
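Review bot: The three links added under "## Incident investigation and resolution" repeat, item for item, the index entries reordered in the first hunk, so the same list now lives in two places and has to be kept in sync by hand. The first added item, "[Resolve an incident](#resolve-an-incident).", also points at the heading that follows directly below the list. Consider dropping the in-section list, or keep it and make sure any later reorder touches both copies.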
@@ -247,6 +251,12 @@ All comments are added to the historical events of the incident. You can see the
247
251
248
252
## Incident logging and reporting
249
253
254
+
The following management tasks can be associated with auditing and reporting on incident investigations, though they can be performed at any time.
255
+
256
+
-[Edit the incident name](#edit-the-incident-name).
257
+
- Assess the activity audit and add comments in the [Activity log](#view-the-activity-log-of-an-incident).
258
+
-[Export incident data to PDF](#export-incident-data-to-pdf).
259
+
250
260
### Edit the incident name
251
261
252
262
Microsoft Defender automatically assigns a name based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories. The incident name allows you to quickly understand the scope of the incident. For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
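Review bot: The second added item, "- Assess the activity audit and add comments in the [Activity log](#view-the-activity-log-of-an-incident).", breaks the pattern of its neighbours: it is a sentence with an inline link rather than a link titled after its target section, and "Assess the activity audit" reads awkwardly. It also presents adding comments as a logging and reporting task, while "Add comments to an incident" is already listed under investigation and resolution in the earlier hunks, so a reader sees the same task in two categories. Suggest making the item a plain link to the activity log section, like the other two, and leaving comments out of it. The intro sentence here says the tasks "can be associated with" auditing and reporting, where the matching sentence in the previous hunk says "are closely associated with"; use the same wording in both.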