diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index 48e45aa5b5..11c2f8709d 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -28,7 +28,7 @@ Understand what data fields are exposed as part of the alerts API and how they m Field numbers match the numbers in the images below. Portal label | SIEM field name | ArcSight field| Example value | Description -:---|:---|:--- +:---|:---|:---|:---|:--- 1 | AlertTitle | name | A dll was unexpectedly loaded into a high integrity process without a UAC prompt | Value available for every alert. 2 | Severity | deviceSeverity | Medium | Value available for every alert. 3 | Category | deviceEventCategory | Privilege Escalation | Value available for every alert. @@ -62,11 +62,11 @@ Portal label | SIEM field name | ArcSight field| Example value | Description ![Image of alert with numbers](images/atp-siem-mapping1.png) -![Image of alert details pane with numbers](images/atp-mapping2.png) +![Image of alert details pane with numbers](images/atp-siem-mapping2.png) -![Image of alert timeline with numbers](images/atp-mapping3.png) +![Image of alert timeline with numbers](images/atp-siem-mapping3.png) -![Image of alert timeline with numbers](images/atp-mapping4.png) +![Image of alert timeline with numbers](images/atp-siem-mapping4.png) ![Image browser URL](images/atp-mapping5.png)