From 6a72d1cea946d2b144f25c14c2b5580177857dbc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 9 Mar 2017 11:34:09 -0800 Subject: [PATCH] add details on zip file - access token etc --- ...indows-defender-advanced-threat-protection.md | 10 ++++++++-- ...indows-defender-advanced-threat-protection.md | 16 +++++++++------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index b106b0e5d7..5e3d96294d 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -35,11 +35,17 @@ This section guides you in getting the necessary information to set and use the - OAuth 2.0 Client ID - OAuth 2.0 Client secret -- Have these two configuration files ready: +- Have the following configuration files ready: - WDATP-connector.properties - WDATP-connector.jsonparser.properties - You would have saved the files when you chose HP ArcSight as the SIEM type you use in your organization. + You would have saved a .zip file which contains these two files when you chose HP ArcSight as the SIEM type you use in your organization. + +- Make sure you generate the following tokens and have them ready: + - Access token + - Refresh token + + You can generate these tokens from the **SIEM integration** setup section of the portal. ## Install and configure HP ArcSight SmartConnector The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index 5ea83643f0..fc83f08574 100644 
--- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -26,13 +26,15 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler ## Before you begin - Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk. -- Make sure you have enabled the SIEM integration feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- Have the refresh token that you generated from the SIEM integration feature ready. -- Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values: +- Make sure you have enabled the **SIEM integration** feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) + +- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values: - OAuth 2 Token refresh URL - OAuth 2 Client ID - OAuth 2 Client secret +- Have the refresh token that you generated from the SIEM integration feature ready. + ## Configure Splunk 1. Login in to Splunk. 
@@ -71,19 +73,19 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler OAuth 2 Refresh Token - Use the value that you generated when you enabled the SIEM integration feature. + Use the value that you generated when you enabled the **SIEM integration** feature. OAuth 2 Token Refresh URL - Use the value from the file you saved when you enabled the SIEM integration feature. + Use the value from the details file you saved when you enabled the **SIEM integration** feature. OAuth 2 Client ID - Use the value from the file you saved when you enabled the SIEM integration feature. + Use the value from the details file you saved when you enabled the **SIEM integration** feature. OAuth 2 Client Secret - Use the value from the file you saved when you enabled the SIEM integration feature. + Use the value from the details file you saved when you enabled the **SIEM integration** feature. Response type
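Review bot: In the ArcSight hunk (@@ -35,11 +35,17), the added bullet "Make sure you generate the following tokens and have them ready" points the reader to "the **SIEM integration** setup section of the portal" with no link, while the Splunk topic in this same patch links to enable-siem-integration-windows-defender-advanced-threat-protection.md for that step. Suggest adding the same link here. The bullet also asks for both an access token and a refresh token, where the Splunk prerequisites ask only for the refresh token; if the difference is intended, a short clause saying where each token is used would help. Since this list now covers a client secret and two tokens, consider one line telling the reader to keep the .zip file and the tokens in an access-restricted location.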
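Review bot: In the first Splunk hunk (@@ -26,13 +26,15), the relocated line "Have the refresh token that you generated from the SIEM integration feature ready." leaves "SIEM integration" unbolded, while the two lines changed just above it now use **SIEM integration**. Suggest bolding it to match. The rewritten "Make sure you have enabled the **SIEM integration** feature" line still ends its link sentence without a period, and the blank lines added between bullets can make some Markdown renderers split or loosen the list, so the preview is worth checking.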
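Review bot: In the second Splunk hunk (@@ -71,19 +73,19), the three rewritten lines refer to "the details file you saved", but the visible text never names that file or its format, and the ArcSight topic in this patch describes the saved download as a .zip file containing two properties files. Suggest using one term across both topics, or naming the file here, so the reader knows which download holds the Token Refresh URL, Client ID and Client Secret values.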