mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 19:33:37 +00:00
fix formatting
@ -46,7 +46,6 @@ You need to add an application in your Azure Active Directory (AAD) tenant then
|
|||||||
13. Select **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory.
|
13. Select **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory.
|
||||||
|
|
||||||
14. Open a web browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=<tenant ID>&clientSecret=1234`. An Azure login page appears.
|
14. Open a web browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=<tenant ID>&clientSecret=1234`. An Azure login page appears.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> - Replace *tenant ID* with your actual tenant ID.
|
> - Replace *tenant ID* with your actual tenant ID.
|
||||||
> - Keep the client secret as is. This is a dummy value, but the parameter must appear.
|
> - Keep the client secret as is. This is a dummy value, but the parameter must appear.
|
||||||
|
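Review bot: Step 14 puts `clientSecret=1234` in the URL query string directly after step 13 has the reader save the real key, and the note only says to "Keep the client secret as is". Suggest the note say explicitly that the key copied in step 13 must not be pasted into this URL, because a URL entered in a browser is kept in the browser history. In step 13, "copy the key in a safe place" should read "copy the key to a safe place".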
@ -54,9 +54,7 @@ Events URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
|
|||||||
Authentication Type | OAuth 2
|
Authentication Type | OAuth 2
|
||||||
OAuth 2 Client Properties File | Select *wdatp-connector.properties*.
|
OAuth 2 Client Properties File | Select *wdatp-connector.properties*.
|
||||||
Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
|
Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
|
||||||
|
|
||||||
All other values in the form are optional and can be left blank.
|
All other values in the form are optional and can be left blank.
|
||||||
|
|
||||||
6. Select **Next**, then **Save**.
|
6. Select **Next**, then **Save**.
|
||||||
|
|
||||||
7. Run the connector. You can choose to run in service mode or application mode. RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?)
|
7. Run the connector. You can choose to run in service mode or application mode. RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?)
|
||||||
|
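Review bot: Step 7 still ends with the internal editorial question "RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?)", unchanged on both sides of the diff. Remove it from the published text and settle the capitalization in the sentence itself. The Refresh Token row also reads "or you the one you get", which should be "or the one you get".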
@ -40,25 +40,24 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
|
|||||||
|
|
||||||
4. Select **New**.
|
4. Select **New**.
|
||||||
|
|
||||||
5. In the form fill in the following required fields with these values:
|
5. In the form fill in the following required fields with the following values, then click **Save**:
|
||||||
|
> [!NOTE]
|
||||||
|
>All other values in the form are optional and can be left blank.
|
||||||
|
|
||||||
Field | Value
|
|
||||||
:---|:---
|
|
||||||
Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
|
|
||||||
HTTP Method | GET
|
|
||||||
Authentication Type | oauth2
|
|
||||||
OAuth 2 Token Refresh URL | Value taken from AAD application
|
|
||||||
OAuth 2 Client ID | Value taken from AAD application
|
|
||||||
OAuth 2 Client Secret | Value taken from AAD application
|
|
||||||
Response type | json
|
|
||||||
Response Handler | JSONArrayHandler
|
|
||||||
Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
|
|
||||||
Set sourcetype | From list
|
|
||||||
Source type | \_json
|
|
||||||
|
|
||||||
All other values in the form are optional and can be left blank.
|
Field | Value
|
||||||
|
:---|:---
|
||||||
6. Select **Save**.
|
Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
|
||||||
|
HTTP Method | GET
|
||||||
|
Authentication Type | oauth2
|
||||||
|
OAuth 2 Token Refresh URL | Value taken from AAD application
|
||||||
|
OAuth 2 Client ID | Value taken from AAD application
|
||||||
|
OAuth 2 Client Secret | Value taken from AAD application
|
||||||
|
Response type | json
|
||||||
|
Response Handler | JSONArrayHandler
|
||||||
|
Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
|
||||||
|
Set sourcetype | From list
|
||||||
|
Source type | \_json
|
||||||
|
|
||||||
After completing these configuration steps, you can go to the Splunk dashboard and run queries.
|
After completing these configuration steps, you can go to the Splunk dashboard and run queries.
|
||||||
|
|
||||||
|
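Review bot: The new step 5 tells the reader to "click **Save**" before the Field/Value table is shown, and it uses "click" where step 4 and the removed step 6 use "Select". Suggest leaving the Save instruction after the table, or wording step 5 as "fill in the following required fields, then select **Save**" so that "following" is not repeated. In the added note, `>All other values` has no space after `>`, unlike the `> [!NOTE]` line above it. The Polling Interval row states the unit twice ("Number of seconds" and "Accepted values are in seconds") and could be trimmed while this table is being moved.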