diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md index 351164afa3..44e2fdd28e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md @@ -32,7 +32,7 @@ ms.date: 10/16/2017 >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details. -Microsoft Defender ATP supports (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. +Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. Microsoft Defender ATP currently supports the following SIEM tools: diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index ca069f5c81..8d6c69ea8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -51,7 +51,7 @@ Content-Type | String | application/json. **Required**. ## Request body -In the request body, supply the values for the relevant fields that should be updated.Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't change. +In the request body, supply the values for the relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't change. Property | Type | Description :---|:---|:--- @@ -60,6 +60,7 @@ assignedTo | String | Owner of the alert classification | String | Specifies the specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other' +[!include[Improve request performance](improve-request-performance.md)] ## Response If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found. @@ -71,8 +72,6 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in Here is an example of the request. -[!include[Improve request performance](improve-request-performance.md)] - ``` PATCH https://api.securitycenter.windows.com/api/alerts/121688558380765161_2136280442 Content-Type: application/json