diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ada2caedfc..434041c60a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -90,9 +90,9 @@ #### [Automated investigations](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) #### [Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md) -##### [Advanced hunting table reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md) +##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md) -### [Enable conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) +### [Enable conditional access to better protect users, devices, and data](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) ###API and SIEM support #### [Pull alerts to your SIEM tools](windows-defender-atp\configure-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 69fccb47fd..1f90bb1c05 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -25,6 +25,8 @@ ms.date: 04/16/2018 [!include[Prerelease information](prerelease.md)] +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + ## Advanced hunting query best practices The following best practices serve as a guideline for you to maximize the advanced hunting capability. - Use time filters first. Azure Kusto is highly optimized to utilize time filters. For more information, see [Azure Kusto](https://docs.microsoft.com/connectors/kusto/). @@ -104,7 +106,9 @@ Use the following table to understand what the columns represent, its data type, | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to. | | ReportIndex | long | Event identifier that is unique among the same event type. | | SHA1 | string | SHA-1 of the file that the recorded action was applied to. | -| SHA256 | string | SHA-256 of the file that the recorded action was applied to. +| SHA256 | string | SHA-256 of the file that the recorded action was applied to. + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index 6e8a569c62..1ceed89059 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -25,6 +25,9 @@ ms.date: 04/16/2018 [!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) + Advanced hunting allows you to proactively hunt for possible threats across your organization using a powerful search and query tool. Take advantage of the following capabilities: - **Powerful query language with IntelliSense** - Built on top of a query language that gives you the flexibility you need to take hunting to the next level. @@ -159,8 +162,11 @@ The filter selections will resolve as an additional query term and the results w ## Public Advanced Hunting query GitHub repository Check out the [Advanced Hunting repository](https://github.com/Microsoft/Advanced-Hunting-Queries). Contribute and use example queries shared by our customers. + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) + ## Related topic -- [Advanced hunting table reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) +- [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index 00cb4338d2..1d800a4847 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -212,6 +212,9 @@ You also have the option of selecting multiple investigations to approve or reje ![Image of multiple investigations selected](images/atp-pending-actions-multiple.png) +## Related topic +- [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) + diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md index 085d25e31a..1fad7fd83a 100644 --- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md @@ -23,6 +23,10 @@ ms.date: 03/05/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) + Conditional access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications. With conditional access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications. @@ -61,6 +65,10 @@ You'll need to take the following steps to enable conditional access: 3. Create a device compliance policy in Intune. For more information, see [Create a compliance policy in the Azure portal](https://docs.microsoft.com/en-us/intune/compliance-policy-create-windows#create-a-compliance-policy-in-the-azure-portal). 3. Define a conditional access policy in AAD. For more information, see [Get started with conditional access in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal-get-started). +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) + +## Related topic +- [Configure advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md index 5b1eb7af87..f2ab846f15 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md @@ -23,11 +23,9 @@ ms.date: 10/16/2017 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) - - >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) -## Pull alerts using supported security information and events management (SIEM) tools +## Pull alerts using security information and events management (SIEM) tools Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index 04642f53a8..471ec2069e 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -47,7 +47,7 @@ You’ll need to use the access token in the Authorization header when doing RES ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md) - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md) - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md index b3d1e6cdfc..b114f55057 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md @@ -40,10 +40,8 @@ Set the baselines for calculating the score of Windows Defender security control ## Related topics - [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) -- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) -- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) -- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md) -- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) -- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) -- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Update data retention settings for Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) +- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) +- [Configure automation notifications in Windows Defender ATP](configure-automation-notifications-windows-defender-advanced-threat-protection.md) +- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +- [Configure advanced features in Windows Defender ATP](/advanced-features-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 5652ee66e3..5a34950b31 100644 --- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -152,8 +152,8 @@ This step will guide you in exploring the custom alert in the portal. ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md) - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md) - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png index 3f5f7a3a61..7ae7d3aa20 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md index aa883fa645..50e09268f7 100644 --- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md @@ -34,6 +34,7 @@ ms.date: 04/16/2018 Follow the corresponding instructions depending on your preferred deployment method. ## Offboard Windows 10 machines + - [Offboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md#offboard-machines-using-a-local-script) - [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy) - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager) - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools) diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 32464f1481..40d4134566 100644 --- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -201,4 +201,3 @@ In general, if you know of a specific threat name, CVE, or KB, you can identify - diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md index b9fdb5f963..35c78cbafc 100644 --- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -180,8 +180,8 @@ $ioc = ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md) - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md index ec9b51d7e7..8a99007f7d 100644 --- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md @@ -33,9 +33,8 @@ Use the **Settings** menu to modify general settings, advanced features, enable Topic | Description :---|:--- [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process. -[Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products. -[Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features. -[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications. -[Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) | Enable security information and event management (SIEM) integration to pull alerts from the Windows Defender ATP portal using your SIEM solution. -[Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application. -[Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) | Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources. +Permissions | Manage portal access using RBAC as well as machine groups. +APIs | Enable the threat intel and SIEM integration. +Rules | Configure suppressions rules and automation settings. +Machine management | Onboard and offboard machines. + diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md index ff90f0b95f..c37d6e2e98 100644 --- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md @@ -183,8 +183,8 @@ with requests.Session() as session: ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md) - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md index a900b3f350..d41505b61e 100644 --- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md @@ -108,4 +108,4 @@ When you first log in to the Windows Defender ATP portal, you're granted either 2. Click the drop-down button and select **Delete role**. ## Related topic -- [Manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Create and manage machine groups in Windows Defender ATP](machine-groups-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md index a6fb269f4f..8f52d4a84c 100644 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md @@ -40,3 +40,5 @@ IP | Run API calls such as get IP related alerts, IP related machines, IP statis Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. +## Related topic +- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md index a9be28757a..644ac1c371 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md @@ -52,8 +52,8 @@ Here is an example of an IOC: IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it. ## Related topics -- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md) - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md) - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md index 882a8eefbe..b020424608 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md @@ -53,8 +53,8 @@ If your client secret expires or if you've misplaced the copy provided when you ## Related topics - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md) - [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md) - [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md) - [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)