add dedupe note/tip

Joey Caparas
2018-05-15 10:35:22 -07:00
parent 1c7a64e795
commit 9ab39216df

@ -139,6 +139,10 @@ Use the solution explorer to view alerts in Splunk.
5. Find the query you saved in the list and click **Run**. The results are displayed based on your query.
>[!TIP]
> To mininimize alert duplications, you can use the following query:
>```source="rest://windows atp alerts" | spath | dedup _raw | table *```
## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
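Review bot: "mininimize" in the added TIP text should read "minimize". The query on the next line is wrapped in triple backticks on a single quoted line; a single-backtick inline span, or a fenced block on its own quoted lines, would render more predictably. The tip should also say what `dedup _raw` covers: it only drops events whose raw text is identical, so an alert pulled again with any changed field will still show up twice. If the alert payload carries a stable identifier, deduping on that field would match the stated goal of minimizing alert duplication more closely.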