We are excited to announce the public preview of a completely redesigned alert page in the Microsoft Defender Security Center. The new Microsoft Defender ATP alert page enables security researchers to triage, investigate, and act on alerts more effectively. The changes were guided by customer feedback on how to improve the experience. The new page constructs a detailed alert story with full context, which provides the following:
Improved focus – alert information is now at the forefront, so analysts need fewer clicks to reach relevant insights.
An investigation-oriented approach – alerts related to the same execution tree appear on the same page, increasing efficiency and awareness of the investigation scope.
Easier to take actions – with necessary actions built into the workflow, doing what you need just became that much faster.
How to get started
Each alert page consists of four sections:
The alert title – the alert name, which stays in view regardless of what is clicked elsewhere on the page.
Affected assets – cards for the devices and users affected by this alert.
Alert story – displays all entities related to the alert, interconnected in a tree view. Every entity in the alert story is expandable and clickable.
Details pane – a dynamic section that provides contextual information and actions for the selected entity.