You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/investigate-security-alerts.md
+9-3Lines changed: 9 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,9 +11,7 @@ Investigate alerts that are affecting your environment, understand what they mea
11
11
12
12
Begin your investigation by selecting an alert from the **Alerts** page in the Microsoft Defender portal. The alerts page displays a list of all security alerts generated by Defender for Identity, including their severity, status, and impacted assets. Selecting an alert opens the alert page, which contains the alert title, the affected assets, the details side pane, and in some cases, an alert story.
13
13
14
-
> [!NOTE]
15
-
> The **alert story** and **export to Excel** options are only available for alerts that use the classic Defender for Identity structure.
16
-
> For more information about differences in how alerts are presented in the Defender portal, see [View and manage alerts](understanding-security-alerts.md).
14
+
17
15
18
16
## Investigate using the alert story
19
17
@@ -25,6 +23,10 @@ The Important information section includes additional technical details that sup
25
23
26
24
Together, the alert story, alert graph, and Important information give you a complete picture of the alert. They help you understand what triggered the alert, which entities were involved, and whether the activity requires further investigation or action.
27
25
26
+
> [!NOTE]
27
+
> The **alert story** is only visible for alerts that use the classic Defender for Identity structure.
28
+
> For more information about differences in how alerts are presented in the Defender portal, see [View and manage alerts](understanding-security-alerts.md).
29
+
28
30
## Take action from the details pane
29
31
Once you've selected an alert of interest, the details pane changes to display information about the selected alert, historic information when it's available, and offer recommended actions to take action on this alert.
30
32
@@ -35,6 +37,10 @@ Once you're done investigating, go back to the alert you started with, mark the
35
37
36
38
To get more details on a security alert, select **Export** on an alert details page to download the detailed Excel alert report.
37
39
40
+
> [!NOTE]
41
+
> The **export to Excel** option is also only available for alerts that use the classic Defender for Identity structure.
42
+
> For more information about differences in how alerts are presented in the Defender portal, see [View and manage alerts](understanding-security-alerts.md).
43
+
38
44
39
45
The downloaded file includes summary details about the alert on the first tab, including:
![m365-skilling-repo-management[bot]](https://avatars.githubusercontent.com/in/1161012?v=4&size=40){kind=avatar}
0 commit comments