update table to fix numbering

windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md

@@ -47,13 +47,30 @@ The following steps assume that you have completed all the required steps in [Be
 
 5. In the form fill in the following required fields with these values:
 
-Field | Value
+    <table>
-:---|:---
+    <tbody style="vertical-align:top;">
-Configuration File | Type in the name of the client property file. It must match the client property file.
+    <tr>
-Events URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
+    <th>Field</th>
-Authentication Type | OAuth 2
+    <th>Value</th>
-OAuth 2 Client Properties File | Select *wdatp-connector.properties*.
+    </tr>
-Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
+    <tr>
+    <td>Configuration File</td>
+    <td>Type in the name of the client property file. It must match the client property file.</td>
+    </tr>
+    <td>Events URL</td>
+    <td>`https://DataAccess-PRD.trafficmanager.net:444/api/alerts`</td>
+    <tr>
+    <td>Authentication Type</td>
+    <td>OAuth 2</td>
+    </tr>
+    <td>OAuth 2 Client Properties file</td>
+    <td>Select *wdatp-connector.properties*.</td>
+    <tr>
+    <td>Refresh Token</td>
+    <td>Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.</td>
+    </tr>
+    </tr>
+    </table>
 All other values in the form are optional and can be left blank.
 6. Select **Next**, then **Save**.
 

windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md

@@ -44,20 +44,58 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
 > [!NOTE]
 >All other values in the form are optional and can be left blank.
 
-
+  <table>
-  Field | Value
+  <tbody style="vertical-align:top;">
-  :---|:---
+  <tr>
-  Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
+  <th>Field</th>
-  HTTP Method | GET
+  <th>Value</th>
-  Authentication Type | oauth2
+  </tr>
-  OAuth 2 Token Refresh URL | Value taken from AAD application
+  <tr>
-  OAuth 2 Client ID |  Value taken from AAD application
+  <td>Endpoint URL</td>
-  OAuth 2 Client Secret | Value taken from AAD application
+  <td>https://DataAccess-PRD.trafficmanager.net:444/api/alerts</td>
-  Response type | json
+  </tr>
-  Response Handler | JSONArrayHandler
+  <td>Events URL</td>
-  Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
+  <td>`https://DataAccess-PRD.trafficmanager.net:444/api/alerts`</td>
-  Set sourcetype | From list
+  <tr>
-  Source type | \_json
+  <td>HTTP Method</td>
+  <td>GET</td>
+  </tr>
+  <td>Authentication Type</td>
+  <td>oauth2</td>
+  <tr>
+  <td>OAuth 2 Token Refresh URL</td>
+  <td>	Value taken from AAD application</td>
+  </tr>
+  <tr>
+  <td>OAuth 2 Client ID</td>
+  <td>Value taken from AAD application</td>
+  </tr>
+  <tr>
+  <td>OAuth 2 Client Secret</td>
+  <td>Value taken from AAD application</td>
+  </tr>
+  <tr>
+  <td>Response type</td>
+  <td>json</td>
+  </tr>
+  <tr>
+  <td>Response Handler</td>
+  <td>JSONArrayHandler</td>
+  </tr>
+  <tr>
+  <td>Polling Interval</td>
+  <td>Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.</td>
+  </tr>
+  <tr>
+  <td>Set sourcetype</td>
+  <td>From list</td>
+  </tr>
+  <tr>
+  <td>Source type</td>
+  <td>\_json</td>
+  </tr>
+  </tr>
+  </table>
 
 After completing these configuration steps, you can go to the Splunk dashboard and run queries.