MicrosoftDocs
diff --git a/‎defender-xdr/incident-queue.md‎
Lines changed: 3 additions & 2 deletions b/‎defender-xdr/incident-queue.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎defender-xdr/media/investigate-incidents/incident-side-panel.png‎
73.5 KB b/‎defender-xdr/media/investigate-incidents/incident-side-panel.png‎
73.5 KB
@@ -1,6 +1,6 @@
 ---
 title: Prioritize incidents in the Microsoft Defender portal
-description: Learn how to filter incidents from the incident queue in the Microsoft Defender portal.
+description: Learn how to prioritize and filter incidents in the Microsoft Defender portal to improve your organization's security response. Discover actionable steps to manage incidents effectively.
 ms.service: defender-xdr
 f1.keywords: 
   - NOCSH
@@ -40,14 +40,15 @@ Select **Most recent incidents and alerts** to toggle a timeline chart of the nu
 
 :::image type="content" source="./media/incidents-queue/most-recent-incidents.png" alt-text="Screenshot of 24-hour incident graph." lightbox="./media/incidents-queue/most-recent-incidents.png":::
 
-The incident queue includes Defender Queue Assistant that helps security teams cut through alert noise and focus on the incidents that matter most. Using an AI-based, machine learning prioritization algorithm, the Queue Assistant surfaces the highest-priority incidents, explains the reasoning behind each score, and provides intuitive tools for sorting and filtering the incident queue. The priority score to each incident can be based on Microsoft native alerts, custom detections, or third-party signals. The algorithm is trained on real-world anonymized data and considers the following data points when calculating the priority score:
+The incident queue includes Defender Queue Assistant that helps security teams cut through the large number of incidents and focus on the incidents that matter most. Using a machine learning prioritization algorithm, the Queue Assistant surfaces the highest-priority incidents, explains the reasoning behind the prioritization, and provides intuitive tools for sorting and filtering the incident queue. The algorithm is runs for all alerts,  Microsoft native alerts, custom detections, or third-party signals. The algorithm is trained on real-world anonymized data and considers, among other things, the following data points when calculating the priority score:
 + Attack disruption signals
 + Threat analytics
 + Severity
 + SnR
 + MITRE techniques
 + Asset criticality
 +	Alert types and rarity
++	High profile threats such as ransomware and nation-state attacks.
 
 Incidents are automatically assigned a priority score from 0 to 100, with 100 being the highest priority. Score ranges are color-coded as follows:
 +	Red: Top priority (score > 85)