diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index b106b0e5d7..5e3d96294d 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -35,11 +35,17 @@ This section guides you in getting the necessary information to set and use the - OAuth 2.0 Client ID - OAuth 2.0 Client secret -- Have these two configuration files ready: +- Have the following configuration files ready: - WDATP-connector.properties - WDATP-connector.jsonparser.properties - You would have saved the files when you chose HP ArcSight as the SIEM type you use in your organization. + You would have saved a .zip file which contains these two files when you chose HP ArcSight as the SIEM type you use in your organization. + +- Make sure you generate the following tokens and have them ready: + - Access token + - Refresh token + + You can generate these tokens from the **SIEM integration** setup section of the portal. ## Install and configure HP ArcSight SmartConnector The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index 5ea83643f0..fc83f08574 100644 --- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md 
@@ -26,13 +26,15 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler ## Before you begin - Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk. -- Make sure you have enabled the SIEM integration feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- Have the refresh token that you generated from the SIEM integration feature ready. -- Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values: +- Make sure you have enabled the **SIEM integration** feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) + +- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values: - OAuth 2 Token refresh URL - OAuth 2 Client ID - OAuth 2 Client secret +- Have the refresh token that you generated from the SIEM integration feature ready. + ## Configure Splunk 1. Login in to Splunk. @@ -71,19 +73,19 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
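Review bot: In the ArcSight hunk (@@ -35,11 +35,17 @@ of configure-arcsight-windows-defender-advanced-threat-protection.md), the new token bullet says the tokens come from "the **SIEM integration** setup section of the portal" but gives no link. The Splunk page in this same patch names the **Preferences setup** menu and links to enable-siem-integration-windows-defender-advanced-threat-protection.md. Suggest using the same menu name and link here so both connector guides describe one path. The access token and refresh token are credentials in the same sense as the OAuth 2.0 Client secret listed just above them, so a sentence on where to keep them would fit this list. Minor wording: "a .zip file which contains these two files" reads better as "a .zip file that contains these two files".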
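Review bot: In the first Splunk hunk (@@ -26,13 +26,15 @@ of configure-splunk-windows-defender-advanced-threat-protection.md), the relocated refresh token bullet still reads "SIEM integration feature" in plain text, while the two bullets rewritten above it now bold **SIEM integration**. Bold it there as well so the feature name is styled the same way throughout the list. The blank lines added between the bullets turn the list into a loose list in Markdown, which changes its spacing when rendered, so check the output or drop them. The added line ending in the enable-siem-integration link is missing its final period. The context line "1. Login in to Splunk." could be corrected to "Log in to Splunk." while this section is being touched.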