delete splunk edit api pages

.openpublishing.redirection.json

@@ -1327,6 +1327,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection",
 "redirect_document_id": true

windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md

@@ -28,8 +28,9 @@ ms.topic: article
 Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center.
 
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Machine and its related **Alert** details.
+>-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 ## Detections API fields and portal mapping
 The following table lists the available fields exposed in the detections API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.
@@ -91,7 +92,6 @@ Field numbers match the numbers in the images below.
 
 ## Related topics
 - [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
 - [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
 - [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
 - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md

@@ -1,131 +0,0 @@
----
-title: Configure Splunk to pull Microsoft Defender ATP detections
-description: Configure Splunk to receive and pull detections from Microsoft Defender Security Center.
-keywords: configure splunk, security information and events management tools, splunk
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# Configure Splunk to pull Microsoft Defender ATP detections
-
-**Applies to:**
-
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink) 
-
-You'll need to configure Splunk so that it can pull Microsoft Defender ATP detections.
-
->[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
-
-## Before you begin
-
-- Install the open source [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/) in Splunk.
-- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-
-- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
-   - Tenant ID
-   - Client ID
-   - Client Secret
-   - Resource URL
-
-
-## Configure Splunk
-
-1. Login in to Splunk.
-
-2. Go to **Settings** > **Data inputs**.
-
-3. Select **Windows Defender ATP alerts** under **Local inputs**.
-
-   NOTE:
-   This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/).
-
-4. Click **New**.
-
-5. Type the following values in the required fields, then click **Save**:
-
-   NOTE:
-   All other values in the form are optional and can be left blank.
-
-   <table>
-   <tbody style="vertical-align:top;">
-   <tr>
-   <th>Field</th>
-   <th>Value</th>
-   </tr>
-   <tr>
-   <td>Name</td>
-   <td>Name for the Data Input</td>
-   </tr>
-    <td>Login URL</td>
-   <td>URL to authenticate the azure app (Default : https://login.microsoftonline.com)</td>
-   </tr>
-   <td>Endpoint</td>
-   <td>Depending on the location of your datacenter, select any of the following URL: </br></br> <strong>For EU</strong>:  <code>https://wdatp-alertexporter-eu.securitycenter.windows.com</code><br></br><strong>For US:</strong><code>https://wdatp-alertexporter-us.securitycenter.windows.com</code> <br><br> <strong>For UK:</strong><code>https://wdatp-alertexporter-uk.securitycenter.windows.com</code>
-   </tr>
-   <tr>
-   <td>Tenant ID</td>
-   <td>Azure Tenant ID</td>
-   </tr>
-   <td>Resource</td>
-   <td>Value from the SIEM integration feature page</td>
-   <tr>
-   <td>Client ID</td>
-   <td>Value from the SIEM integration feature page</td>
-   </tr>
-   <tr>
-   <td>Client Secret</td>
-   <td>Value from the SIEM integration feature page</td>
-   </tr>
-   
-   </tr>
-   </table>
-
-After completing these configuration steps, you can go to the Splunk dashboard and run queries.
-
-## View detections using Splunk solution explorer
-Use the solution explorer to view detections in Splunk.
-
-1. In Splunk, go to **Settings** > **Searchers, reports, and alerts**.
-
-2. Select **New**.
-
-3. Enter the following details:
-   - Search: Enter a query, for example:</br>
-     `sourcetype="wdatp:alerts" |spath|table*`
-   - App: Add-on for Windows Defender (TA_Windows-defender)
-
-     Other values are optional and can be left with the default values.
-
-4. Click **Save**. The query is saved in the list of searches.
-
-5. Find the query you saved in the list and click **Run**. The results are displayed based on your query.
-
-
->[!TIP]
-> To minimize Detection duplications, you can use the following query:
->```source="rest://wdatp:alerts" | spath | dedup _raw | table *``` 
-
-## Related topics
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
-- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md

@@ -27,8 +27,9 @@ ms.topic: article
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
 
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
+>-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 Microsoft Defender ATP supports the OAuth 2.0 protocol to pull detections from the API.