fix formatting

Joey Caparas
2016-07-27 18:50:41 +10:00
parent e4f64e0ed7
commit 96b2f8f213
3 changed files with 16 additions and 20 deletions


@ -46,7 +46,6 @@ You need to add an application in your Azure Active Directory (AAD) tenant then
13. Select **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory. 13. Select **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory.
14. Open a web browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=<tenant ID>&clientSecret=1234`. An Azure login page appears. 14. Open a web browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=<tenant ID>&clientSecret=1234`. An Azure login page appears.
> [!NOTE] > [!NOTE]
> - Replace *tenant ID* with your actual tenant ID. > - Replace *tenant ID* with your actual tenant ID.
> - Keep the client secret as is. This is a dummy value, but the parameter must appear. > - Keep the client secret as is. This is a dummy value, but the parameter must appear.
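Review bot: In step 14 the URL passes `clientSecret=1234` in the query string, directly after step 13 tells the reader to copy the real key, and the note only says to keep the value as is. Suggest having the note state outright that the key saved in step 13 must not be pasted into this URL, since anything in a query string is kept in browser history and can be recorded in proxy and server logs. The note also says to replace *tenant ID* while the URL shows `<tenant ID>`; using the same notation in both places would avoid confusion.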


@ -54,9 +54,7 @@ Events URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
Authentication Type | OAuth 2 Authentication Type | OAuth 2
OAuth 2 Client Properties File | Select *wdatp-connector.properties*. OAuth 2 Client Properties File | Select *wdatp-connector.properties*.
Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool. Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
All other values in the form are optional and can be left blank. All other values in the form are optional and can be left blank.
6. Select **Next**, then **Save**. 6. Select **Next**, then **Save**.
7. Run the connector. You can choose to run in service mode or application mode. RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?) 7. Run the connector. You can choose to run in service mode or application mode. RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?)
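Review bot: Step 7 still ends with an internal editorial question ("RONEN - Should this be Service mode or Application mode ...") that will be published as part of the procedure; resolve the capitalization and delete the comment before merging. The Refresh Token row in the same hunk reads "or you the one you get after running the `restutil` tool", where the stray "you" should be dropped.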


@ -40,25 +40,24 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
4. Select **New**. 4. Select **New**.
5. In the form fill in the following required fields with these values: 5. In the form fill in the following required fields with the following values, then click **Save**:
> [!NOTE]
>All other values in the form are optional and can be left blank.
Field | Value
:---|:---
Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
HTTP Method | GET
Authentication Type | oauth2
OAuth 2 Token Refresh URL | Value taken from AAD application
OAuth 2 Client ID | Value taken from AAD application
OAuth 2 Client Secret | Value taken from AAD application
Response type | json
Response Handler | JSONArrayHandler
Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
Set sourcetype | From list
Source type | \_json
All other values in the form are optional and can be left blank. Field | Value
:---|:---
6. Select **Save**. Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
HTTP Method | GET
Authentication Type | oauth2
OAuth 2 Token Refresh URL | Value taken from AAD application
OAuth 2 Client ID | Value taken from AAD application
OAuth 2 Client Secret | Value taken from AAD application
Response type | json
Response Handler | JSONArrayHandler
Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
Set sourcetype | From list
Source type | \_json
After completing these configuration steps, you can go to the Splunk dashboard and run queries. After completing these configuration steps, you can go to the Splunk dashboard and run queries.
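Review bot: The reworded step 5 says "then click **Save**" while the other procedures in this commit use "Select **Save**" and "Select **Next**, then **Save**"; use "select" here as well. The note line `>All other values in the form are optional and can be left blank.` is missing the space after `>` that the note in the AAD procedure has (`> - Replace ...`). The Polling Interval row also states the unit twice ("Number of seconds ..." and "Accepted values are in seconds"), so the second sentence can go.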