update splunk link and aka link

Joey Caparas
2019-07-12 11:11:53 -07:00
parent a11a0319dc
commit 440f4f946b
2 changed files with 3 additions and 4 deletions


@ -134,7 +134,7 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs. Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Microsoft Defender ATP sensor is running on. 1. Download the [connectivity verification tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on.
2. Extract the contents of WDATPConnectivityAnalyzer on the machine. 2. Extract the contents of WDATPConnectivityAnalyzer on the machine.
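Review bot: Step 2 still refers to the extracted tool as WDATPConnectivityAnalyzer, while step 1 now points at `https://aka.ms/mdatpanalyzer`. Please confirm that the download behind the new short link still unpacks to that name, and update step 2 if it does not. Since step 1 is being touched anyway, "the PC where Microsoft Defender ATP sensor is running on" could be tightened to "the PC where the Microsoft Defender ATP sensor is running".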


@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 10/16/2017
--- ---
# Configure Splunk to pull Microsoft Defender ATP alerts # Configure Splunk to pull Microsoft Defender ATP alerts
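Review bot: The `ms.date: 10/16/2017` metadata line is deleted rather than updated, and the commit message mentions only link changes. If the removal is intentional, say so in the commit message. Otherwise set the field to the date of this edit, because the page's prerequisites change in this commit and readers use that date to judge how current the instructions are.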
@ -33,7 +32,7 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP alert
## Before you begin ## Before you begin
- Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk. - Install the open source [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/) in Splunk.
- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) - Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values: - Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
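Review bot: The first "Before you begin" bullet now requires a different Splunk app (app/4128 instead of app/1546), which is more than the "update splunk link" described in the commit message. Please note in the text or the commit message whether readers who already installed the REST API Modular Input app need to switch. Style point on the same line: "open source" used as a modifier should be hyphenated ("open-source").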
@ -52,7 +51,7 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP alert
3. Click **REST** under **Local inputs**. 3. Click **REST** under **Local inputs**.
NOTE: NOTE:
This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/).
4. Click **New**. 4. Click **New**.
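Review bot: Step 3 still reads "Click **REST** under **Local inputs**", but the note beneath it now says that input appears only after installing the Windows Defender ATP Modular Inputs TA. Please verify that the new TA actually registers an input named REST. If it registers a different input name, step 3 and the configuration steps after it need the same update, otherwise readers following the new prerequisite will not find the input the procedure tells them to click.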