From 5a92db61718abd789db5619bba929589c2fb8c9e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 27 Jul 2016 19:34:12 +1000 Subject: [PATCH] update table to fix numbering --- ...ows-defender-advanced-threat-protection.md | 31 +++++++-- ...ows-defender-advanced-threat-protection.md | 66 +++++++++++++++---- 2 files changed, 76 insertions(+), 21 deletions(-) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index d31f8fadf5..c7917720cf 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -47,13 +47,30 @@ The following steps assume that you have completed all the required steps in [Be 5. In the form fill in the following required fields with these values: -Field | Value -:---|:--- -Configuration File | Type in the name of the client property file. It must match the client property file. -Events URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts` -Authentication Type | OAuth 2 -OAuth 2 Client Properties File | Select *wdatp-connector.properties*. -Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool. + + + + + + + + + + + + + + + + + + + + + + + +
FieldValue
Configuration FileType in the name of the client property file. It must match the client property file.
Events URL`https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
Authentication TypeOAuth 2
OAuth 2 Client Properties fileSelect *wdatp-connector.properties*.
Refresh TokenPaste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
All other values in the form are optional and can be left blank. 6. Select **Next**, then **Save**. diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index ace379187c..f7fafa0e76 100644 --- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -44,20 +44,58 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler > [!NOTE] >All other values in the form are optional and can be left blank. - - Field | Value - :---|:--- - Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts` - HTTP Method | GET - Authentication Type | oauth2 - OAuth 2 Token Refresh URL | Value taken from AAD application - OAuth 2 Client ID | Value taken from AAD application - OAuth 2 Client Secret | Value taken from AAD application - Response type | json - Response Handler | JSONArrayHandler - Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds. - Set sourcetype | From list - Source type | \_json + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldValue
Endpoint URLhttps://DataAccess-PRD.trafficmanager.net:444/api/alerts
Events URL`https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
HTTP MethodGET
Authentication Typeoauth2
OAuth 2 Token Refresh URL Value taken from AAD application
OAuth 2 Client IDValue taken from AAD application
OAuth 2 Client SecretValue taken from AAD application
Response typejson
Response HandlerJSONArrayHandler
Polling IntervalNumber of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
Set sourcetypeFrom list
Source type\_json
After completing these configuration steps, you can go to the Splunk dashboard and run queries.
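Review bot: In the ArcSight hunk (configure-arcsight-windows-defender-advanced-threat-protection.md), the Refresh Token row of the new table still carries the typo from the removed one: "or you the one you get after running the `restutil` tool". Since the row is being rewritten anyway, change it to "or the one you get after running the `restutil` tool". The label in the row above also changed from "OAuth 2 Client Properties File" to "OAuth 2 Client Properties file", which no longer matches the capitalization of the other field names; please confirm which spelling matches the form. The Configuration File description ("It must match the client property file") is circular and would be clearer if it said what the name has to match.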
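Review bot: In the Splunk hunk (configure-splunk-windows-defender-advanced-threat-protection.md), the new table gains an "Events URL" row directly after "Endpoint URL", with the same `https://DataAccess-PRD.trafficmanager.net:444/api/alerts` value. The removed table had only "Endpoint URL", and "Events URL" is the field name used in the ArcSight table, so this looks like a copy-paste leftover and should be dropped. The two rows also format the URL differently (plain text in one, backticks in the other), and the "OAuth 2 Token Refresh URL" row has a stray space before its value; pick one URL style and apply it to both files. The Polling Interval description states the unit twice ("Number of seconds ... Accepted values are in seconds") and could be shortened to one sentence.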