From 25dd2bf28995e950a744cc3a47e46aa838ec956e Mon Sep 17 00:00:00 2001 From: tgrolleman <62642995+tgrolleman@users.noreply.github.com> Date: Wed, 25 Mar 2020 09:53:28 +0100 Subject: [PATCH] Update configure-splunk.md See documentation of https://splunkbase.splunk.com/app/4128/ also, the URL's are wrong. It doesn't work with /api/alerts after the domain, Because the splunk app already adds it themself (and makes it https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts/api/alerts...) : input_module_windows_defender_atp_alerts.py: uri = "%s/%s%s" % (endpoint,"/api/alerts?sinceTimeUtc=",max_date) --- .../microsoft-defender-atp/configure-splunk.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md index fd5efbf9ea..10c69301a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md @@ -78,7 +78,7 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts
https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts
https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts
+ https://wdatp-alertexporter-eu.securitycenter.windows.com
https://wdatp-alertexporter-us.securitycenter.windows.com
https://wdatp-alertexporter-uk.securitycenter.windows.com
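Review bot: The added line with the three bare `https://wdatp-alertexporter-*.securitycenter.windows.com` hosts gives the reader no hint that the path is left off on purpose, so someone following older instructions or using a different collector may re-append `/api/alerts`. Suggest adding a sentence next to this row saying that the Splunk add-on referenced in the commit message (https://splunkbase.splunk.com/app/4128/) appends `/api/alerts` itself, and that the endpoint must be entered as scheme and host only, with no path and no trailing slash. The format string quoted in the commit message, `uri = "%s/%s%s" % (endpoint,"/api/alerts?sinceTimeUtc=",max_date)`, already puts a `/` in front of a path that itself begins with `/`, so any extra slash or path on the configured value carries straight into the request URL. Naming the add-on in the doc text would also make clear that the bare-host form depends on that add-on's behaviour.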