mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-07 18:17:22 +00:00
formatting fixes
indented the new sub-list swapped curly quotation marks for straight quotation marks
This commit is contained in:
Tami Fosmark
GitHub
parent
5d400b01d8
commit
9e1cf51cb3
@ -40,10 +40,10 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
|
|||||||
- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
|
- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
|
||||||
|
|
||||||
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
|
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
|
||||||
- Tenant ID
|
- Tenant ID
|
||||||
- Client ID
|
- Client ID
|
||||||
- Client Secret
|
- Client Secret
|
||||||
- Resource URL
|
- Resource URL
|
||||||
|
|
||||||
|
|
||||||
## Configure Splunk
|
## Configure Splunk
|
||||||
@ -109,7 +109,7 @@ Use the solution explorer to view detections in Splunk.
|
|||||||
|
|
||||||
3. Enter the following details:
|
3. Enter the following details:
|
||||||
- Search: Enter a query, for example:</br>
|
- Search: Enter a query, for example:</br>
|
||||||
`sourcetype=”wdatp:alerts” |spath|table*`
|
`sourcetype="wdatp:alerts" |spath|table*`
|
||||||
- App: Add-on for Windows Defender (TA_Windows-defender)
|
- App: Add-on for Windows Defender (TA_Windows-defender)
|
||||||
|
|
||||||
Other values are optional and can be left with the default values.
|
Other values are optional and can be left with the default values.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user