add intro, update image

2025-06-22 13:53:39 +00:00 · 2017-05-31 12:04:56 -07:00
parent a532a95978
commit b2d4020517
2 changed files with 8 additions and 3 deletions
--- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@ -25,6 +25,13 @@ Understand what data fields are exposed as part of the alerts API and how they m


 ##	Alert API fields and portal mapping
+The following table lists the available fields exposed in the alerts API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.
+
+
+The ArcSight field column contains the default mapping between the Windows Defender ATP fields and the built-in fields in ArcSight.
+
+The mapping file is available for download when you enable the SIEM integration feature in the portal and can be modified to match your organization needs.
+
 Field numbers match the numbers in the images below.

 <table style="table-layout:fixed;width:100%" >
@ -263,9 +270,7 @@ Field numbers match the numbers in the images below.
 </table>


-![Image of alert with numbers](images/atp-siem-mapping1.png)
-
-![Image of alert with numbers](images/1.png)
+![Image of alert with numbers](images/atp-alert-page.png)

 ![Image of alert details pane with numbers](images/atp-siem-mapping13.png)

--- a/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png
+++ b/windows/threat-protection/windows-defender-atp/images/atp-mapping7.png