update siem integration remove splunk from image

2025-05-15 14:57:23 +00:00 · 2020-05-07 14:06:21 -07:00 · 2020-05-07 14:06:21 -07:00 · 73d0b3d66f
commit 73d0b3d66f
parent 6d31c74f37
3 changed files with 5 additions and 5 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@ -28,9 +28,9 @@ ms.topic: article
 ## Pull detections using security information and events management (SIEM) tools
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
->-
+>-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
@ -27,9 +27,10 @@ ms.topic: article
 Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API.
->[!Note]
+>[!NOTE]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
 >- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 ## Prerequisites
 - The user who activates the setting must have permissions to create an app in Azure Active Directory (AAD). This is typically someone with a **Global administrator** role.
@ -75,7 +76,6 @@ You can now proceed with configuring your SIEM solution or connecting to the det
 You can configure IBM QRadar to collect detections from Microsoft Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 ## Related topics
 - [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
 - [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
 - [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
 - [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png