ATP evaluates related events and aggregates them into incidents for your review and mitigation. Incidents are prioritized by severity and criticality so that you can quickly determine which ones need immediate attention. From this page, you can go to the Incident details page to view more information about an incident and take actions to remediate it. You can also click an entity node to go to that entity's details page, where you can view more information about the entity and take actions.
ATP shows you which entities in your organization may be compromised. You can click the hyperlinks to go to entity details pages for more information and to perform actions, or you can perform actions directly from this page.
ATP can notify you by email when an incident occurs. Email notifications contain a summary of the incident.
ATP can send incidents and notification messages to remote syslog servers through standard syslog forwarding. Logging to syslog lets you aggregate data from multiple management consoles. You can then evaluate the data with your own sets of rules and data analysis. Syslog lets you aggregate data from other systems into your security information and event management (SIEM) system.
Search your environment for indicators of compromise (IOCs).
When you learn of a potential threat, you can search for IOCs in the ATP database or on your managed endpoints.