fix formatting

2025-06-16 10:53:43 +00:00 · 2016-07-27 18:50:41 +10:00
parent e4f64e0ed7
commit 96b2f8f213
3 changed files with 16 additions and 20 deletions
--- a/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md
@ -46,7 +46,6 @@ You need to add an application in your Azure Active Directory (AAD) tenant then
 13. Select **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory.

 14. Open a web browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=<tenant ID>&clientSecret=1234`. An Azure login page appears.
-
 > [!NOTE]
 > - Replace *tenant ID* with your actual tenant ID.
 > - Keep the client secret as is. This is a dummy value, but the parameter must appear.
--- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
@ -54,9 +54,7 @@ Events URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
 Authentication Type | OAuth 2
 OAuth 2 Client Properties File | Select *wdatp-connector.properties*.
 Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
-
 All other values in the form are optional and can be left blank.
-
 6. Select **Next**, then **Save**.

 7. Run the connector. You can choose to run in service mode or application mode. RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?)
--- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
@ -40,25 +40,24 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler

 4. Select **New**.

-5. In the form fill in the following required fields with these values:
+5. In the form fill in the following required fields with the following values, then click **Save**:
+> [!NOTE]
+>All other values in the form are optional and can be left blank.

-Field | Value
-:---|:---
-Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
-HTTP Method | GET
-Authentication Type | oauth2
-OAuth 2 Token Refresh URL | Value taken from AAD application
-OAuth 2 Client ID |  Value taken from AAD application
-OAuth 2 Client Secret | Value taken from AAD application
-Response type | json
-Response Handler | JSONArrayHandler
-Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
-Set sourcetype | From list
-Source type | \_json

-All other values in the form are optional and can be left blank.
-
-6. Select **Save**.
+  Field | Value
+  :---|:---
+  Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
+  HTTP Method | GET
+  Authentication Type | oauth2
+  OAuth 2 Token Refresh URL | Value taken from AAD application
+  OAuth 2 Client ID |  Value taken from AAD application
+  OAuth 2 Client Secret | Value taken from AAD application
+  Response type | json
+  Response Handler | JSONArrayHandler
+  Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
+  Set sourcetype | From list
+  Source type | \_json

 After completing these configuration steps, you can go to the Splunk dashboard and run queries.