diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index dc1a7cb09a..9cc621003d 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -25,6 +25,13 @@ Understand what data fields are exposed as part of the alerts API and how they m ## Alert API fields and portal mapping +The following table lists the available fields exposed in the alerts API payload. It shows examples for the populated values and a reference on how data is reflected on the portal. + + +The ArcSight field column contains the default mapping between the Windows Defender ATP fields and the built-in fields in ArcSight. + +The mapping file is available for download when you enable the SIEM integration feature in the portal and can be modified to match your organization needs. + Field numbers match the numbers in the images below. @@ -263,9 +270,7 @@ Field numbers match the numbers in the images below.
-![Image of alert with numbers](images/atp-siem-mapping1.png) - -![Image of alert with numbers](images/1.png) +![Image of alert with numbers](images/atp-alert-page.png) ![Image of alert details pane with numbers](images/atp-siem-mapping13.png) diff --git a/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png index aede702247..509ed20022 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png and b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png differ
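Review bot: In the first hunk (@@ -25,6 +25,13), the added sentence ending "can be modified to match your organization needs" is missing a possessive and should read "your organization's needs". The hunk also adds two consecutive blank lines between the first new paragraph and the ArcSight paragraph, where one is enough. The new text refers to "The ArcSight field column", but no table change is visible in this diff, so confirm the table below already has a column with that exact heading. Because the mapping file "can be modified", it would help to say which setting in the portal offers the download, so readers know which file the default mapping refers to.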
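Review bot: In the second hunk (@@ -263,9 +270,7), the new reference images/atp-alert-page.png has no matching file in the visible part of this diff, where the only image change shown is the binary update to images/atp-mapping7.png. Check that atp-alert-page.png is added in the same change, otherwise the link will render broken. The unchanged line "Field numbers match the numbers in the images below." still applies, so the single replacement screenshot needs to carry every field number that the two removed images (atp-siem-mapping1.png and 1.png) showed, and the numbers need to agree with the table.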