update

windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md

@@ -55,5 +55,5 @@ Topic | Description
 [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Preferences setup** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
 [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
 [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
-[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand how the SIEM schema maps to the values in the Windows Defender ATP portal.
+[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
 [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.

windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md

@@ -48,4 +48,3 @@ You can now proceed with configuring your SIEM solution. You'll need to use the
 ## Related topics
 - [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-- Configure generic API

windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md

@@ -40,7 +40,7 @@ The _Client credential flow_ uses client credentials to authenticate against the
 Use the following method in the Windows Defender ATP API to pull alerts in JSON format.
 
 ## Before you begin
-- Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the threat intelligence application in Azure Active Directory (AAD). For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
+- Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
 
 - Take note of the following values in your Azure application registration. You need these values to configure the OAuth flow in your service or daemon app:
   - Application ID (unique to your application)