diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index 84cd2e95c8..99ceea2817 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -38,12 +38,11 @@ This section guides you in getting the necessary information to set and use the - **client_ID**: OAuth 2 Client ID - **client_secret**: OAuth 2 Client secret - - **auth_url**: Append the following to the value you obtained from the AAD app: ```?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ``` + - **auth_url**: ```https://login.microsoftonline.com/?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ``` - For example: `https:////oauth2/authorize?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com` - - **token_url**: Use your tenant ID URL [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE HELP PROVIDE TECHNICAL DESCRIPTION] + - **token_url**: `https://login.microsoftonline.com//oauth2/token` - **redirect_uri**: ```https://localhost:44300/wdatpconnector``` - - **scope**: Leave blank [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE CHECK] + - **scope**: Leave the value blank 3. Download the wdatp-connector.json.properties file. This file is used to parse the information from Windows Defender ATP to HP ArcSight consumable format. (JOEY: UPLOAD FILE IN DOWNLOAD CENTER) 
@@ -52,49 +51,39 @@ This section guides you in getting the necessary information to set and use the The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). 1. Install the latest 32-bit Windows SmartConnector installer. You can find this in the HPE Software center. The tool is typically installed in `C:\ArcSightSmartConnectors\\`. -[AVIV, NEED ALL THE SCREENSHOTS HERE] -[AVIV/BRIAN - WHAT IF THEY WANT TO USE 64-BIT? CAN I THEN JUST REMOVE THE WORDS 32-BIT?] + +[JOEY: follow how HP doc'd it. just put the bullet list.] + +>!NOTE: +> descriptive_name is based on the the name of the installer location. 2. Open File Explorer and put the two configuration files in the installation location, for example: - WDATP-connector.jsonparser.properties: `C:\ArcSightSmartConnectors\\current\user\agent\flexagent\` - WDATP-connector.properties: `C:\ArcSightSmartConnectors\\` - [AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE?] + [AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE? yes, Aviv to provide, but joey to doc only - CELA] -3. In the Connector Setup window, select **Add a Connector**. +3.After installation completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**. ![Connector Setup window - select Add a Connector](images/hp-1.png) 4. Select the **ArcSight FlexConnector REST** connector and click **Next**. ![Connector Setup window - select ArcSight FlexConnector REST](images/hp-2.png) -5. Generate a refresh token to use in the installer: - - a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\\current\bin`. - - b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`. - A Web browser window will open. - - c. 
Type in your credentials then click on the password field to let the page redirect. - - d. In the login prompt enter your `DOMAIN\alias` [AVIV - ARE WE SURE OUR CUSTOMERS FULLOW THE SAME DOMAIN\ALIAS FORMAT?] and your password. After some redirects and providing permission to the app, a token is provided in the command prompt. - - f. Save the token in a secure location. - 6. Type the following information in the parameter details form. All other values in the form are optional and can be left blank. -![Connector Setup - Enter parameter details](images/hp-3.png) - Field | Value :---|:--- Configuration File | Type in the name of the client property file. It must match the client property file. Events URL | https://DataAccess-PRD.trafficmanager.net:444/api/alerts Authentication Type | OAuth 2 OAuth 2 Client Properties file | Select wdatp-connector.properties. -Refresh Token | Paste the refresh token you generated in the previous step. +Refresh Token | [JOEY fix this part!!] User either the URL or the restutil tool.
a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\\current\bin`. b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`.A Web browser window will open. c. A browser will open. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is provided in the command prompt. -You can leave the destination parameter fields with the default values. +![Connector Setup - Enter parameter details](images/hp-3.png) + +7. You can leave the destination parameter fields with the default values. ![Connector Setup - Enter parameter details](images/hp-5.png) Type in a name for the connector. You can leave the other fields blank.
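Review bot: In the first hunk, the new auth_url value `https://login.microsoftonline.com/?resource=...` has no tenant segment and no `/oauth2/authorize` path, while the example line in the same hunk (`https:////oauth2/authorize?resource=...`) and the new token_url (`https://login.microsoftonline.com//oauth2/token`, with an empty segment between the slashes) both imply one. It looks like a tenant ID placeholder was dropped or is not rendering; write it in a form that survives rendering, say what the reader must substitute, and make auth_url and token_url follow the same pattern so the two endpoints cannot be configured against different tenants by mistake. The step 3 context line still carries "(JOEY: UPLOAD FILE IN DOWNLOAD CENTER)", which should be resolved before this is published.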
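Review bot: The new Refresh Token table row in the second hunk still contains the internal note "[JOEY fix this part!!]" and packs the restutil steps a to d into a single table cell, while the removed step 5 and its "Save the token in a secure location" instruction are not replaced anywhere. Restore token generation as its own numbered step (the list now jumps from 4 to 6), change "User either" to "Use either", drop the duplicated "A Web browser window will open. c. A browser will open.", and keep the guidance to store the refresh token securely, since the text says it is printed in the command prompt. Other added lines in this hunk also need cleanup before publishing: "[JOEY: follow how HP doc'd it. just put the bullet list.]" and "yes, Aviv to provide, but joey to doc only - CELA" are editorial notes, `>!NOTE:` should be `> [!NOTE]`, "the the name" is a typo, and "3.After" needs a space after the period to remain a list item. The restutil example path `C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties` also does not match the `C:\ArcSightSmartConnectors\\` location used in the surrounding steps.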