add details on zip file - access token etc

Joey Caparas
2017-03-09 11:34:09 -08:00
parent 110fde119b
commit 6a72d1cea9
2 changed files with 17 additions and 9 deletions


@ -35,11 +35,17 @@ This section guides you in getting the necessary information to set and use the
- OAuth 2.0 Client ID
- OAuth 2.0 Client secret
- Have these two configuration files ready:
- Have the following configuration files ready:
- WDATP-connector.properties
- WDATP-connector.jsonparser.properties
You would have saved the files when you chose HP ArcSight as the SIEM type you use in your organization.
You would have saved a .zip file which contains these two files when you chose HP ArcSight as the SIEM type you use in your organization.
- Make sure you generate the following tokens and have them ready:
- Access token
- Refresh token
You can generate these tokens from the **SIEM integration** setup section of the portal.
## Install and configure HP ArcSight SmartConnector
The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin).
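Review bot: The new "Make sure you generate the following tokens" bullet names the **SIEM integration** setup section but gives no link to it, while the Splunk topic in this same commit links to enable-siem-integration-windows-defender-advanced-threat-protection.md; add the same link here so readers can find where the tokens are issued. The .zip file, the access token and the refresh token sit alongside the OAuth 2.0 Client secret in this list, so a short sentence telling readers to store them with restricted access would be worth adding. "You would have saved a .zip file which contains these two files" also reads awkwardly; "You saved a .zip file containing these two files when you chose HP ArcSight as the SIEM type" is more direct.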


@ -26,13 +26,15 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
## Before you begin
- Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk.
- Make sure you have enabled the SIEM integration feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- Have the refresh token that you generated from the SIEM integration feature ready.
- Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values:
- Make sure you have enabled the **SIEM integration** feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
- OAuth 2 Token refresh URL
- OAuth 2 Client ID
- OAuth 2 Client secret
- Have the refresh token that you generated from the SIEM integration feature ready.
## Configure Splunk
1. Login in to Splunk.
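Review bot: The relocated refresh token bullet still reads "generated from the SIEM integration feature" without bold, while the two bullets above it were changed to **SIEM integration**; bold it here too so the feature name is formatted the same way throughout the list. This topic now calls the saved artifact a "details file" while the ArcSight topic in the same commit calls it a ".zip file"; pick one description or state how the two relate, so readers know which saved file holds the token refresh URL, client ID and client secret. The unchanged step "1. Login in to Splunk." could be corrected to "Log in to Splunk." while this section is being edited.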
@ -71,19 +73,19 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
</tr>
<tr>
<td>OAuth 2 Refresh Token</td>
<td>Use the value that you generated when you enabled the SIEM integration feature.</td>
<td>Use the value that you generated when you enabled the **SIEM integration** feature.</td>
</tr>
<tr>
<td>OAuth 2 Token Refresh URL</td>
<td>Use the value from the file you saved when you enabled the SIEM integration feature.</td>
<td>Use the value from the details file you saved when you enabled the **SIEM integration** feature.</td>
</tr>
<tr>
<td>OAuth 2 Client ID</td>
<td>Use the value from the file you saved when you enabled the SIEM integration feature.</td>
<td>Use the value from the details file you saved when you enabled the **SIEM integration** feature.</td>
</tr>
<tr>
<td>OAuth 2 Client Secret</td>
<td>Use the value from the file you saved when you enabled the SIEM integration feature.</td>
<td>Use the value from the details file you saved when you enabled the **SIEM integration** feature.</td>
</tr>
<tr>
<td>Response type</td>
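Review bot: The added `**SIEM integration**` markup in the four `<td>` cells sits inside a raw HTML table, where Markdown emphasis is normally not processed, so the asterisks are likely to render literally. Use `<b>SIEM integration</b>` or `<strong>SIEM integration</strong>` in these cells, or confirm in a preview build that the bold renders. The Refresh Token row says the value was "generated" while the other three rows point to the details file; that matches the updated "Before you begin" list, so only the emphasis markup needs to change.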