deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update based on sme feedback

Browse Source
This commit is contained in:
Joey Caparas 2017-01-13 13:53:37 -08:00
parent 6e1ba3c78b
commit b39b7173ce
1 changed files with 14 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
View File

@ -38,12 +38,11 @@ This section guides you in getting the necessary information to set and use the
- **client_ID**: OAuth 2 Client ID - **client_ID**: OAuth 2 Client ID
- **client_secret**: OAuth 2 Client secret - **client_secret**: OAuth 2 Client secret
- **auth_url**: Append the following to the value you obtained from the AAD app: ```?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ``` - **auth_url**: ```https://login.microsoftonline.com/<tenanID>?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ```
For example: `https://<url>/<value>/oauth2/authorize?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com` - **token_url**: `https://login.microsoftonline.com/<tenantID>/oauth2/token`
- **token_url**: Use your tenant ID URL [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE HELP PROVIDE TECHNICAL DESCRIPTION]
- **redirect_uri**: ```https://localhost:44300/wdatpconnector``` - **redirect_uri**: ```https://localhost:44300/wdatpconnector```
- **scope**: Leave blank [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE CHECK] - **scope**: Leave the value blank
3. Download the wdatp-connector.json.properties file. This file is used to parse the information from Windows Defender ATP to HP ArcSight consumable format. 3. Download the wdatp-connector.json.properties file. This file is used to parse the information from Windows Defender ATP to HP ArcSight consumable format.
(JOEY: UPLOAD FILE IN DOWNLOAD CENTER) (JOEY: UPLOAD FILE IN DOWNLOAD CENTER)
@ -52,49 +51,39 @@ This section guides you in getting the necessary information to set and use the
The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin).
1. Install the latest 32-bit Windows SmartConnector installer. You can find this in the HPE Software center. The tool is typically installed in `C:\ArcSightSmartConnectors\<descriptive_name>\`. 1. Install the latest 32-bit Windows SmartConnector installer. You can find this in the HPE Software center. The tool is typically installed in `C:\ArcSightSmartConnectors\<descriptive_name>\`.
[AVIV, NEED ALL THE SCREENSHOTS HERE]
[AVIV/BRIAN - WHAT IF THEY WANT TO USE 64-BIT? CAN I THEN JUST REMOVE THE WORDS 32-BIT?] [JOEY: follow how HP doc'd it. just put the bullet list.]
>!NOTE:
> descriptive_name is based on the the name of the installer location.
2. Open File Explorer and put the two configuration files in the installation location, for example: 2. Open File Explorer and put the two configuration files in the installation location, for example:
- WDATP-connector.jsonparser.properties: `C:\ArcSightSmartConnectors\<descriptive_name>\current\user\agent\flexagent\` - WDATP-connector.jsonparser.properties: `C:\ArcSightSmartConnectors\<descriptive_name>\current\user\agent\flexagent\`
- WDATP-connector.properties: `C:\ArcSightSmartConnectors\<descriptive_name>\` - WDATP-connector.properties: `C:\ArcSightSmartConnectors\<descriptive_name>\`
[AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE?] [AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE? yes, Aviv to provide, but joey to doc only - CELA]
3. In the Connector Setup window, select **Add a Connector**. 3.After installation completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**.
![Connector Setup window - select Add a Connector](images/hp-1.png) ![Connector Setup window - select Add a Connector](images/hp-1.png)
4. Select the **ArcSight FlexConnector REST** connector and click **Next**. 4. Select the **ArcSight FlexConnector REST** connector and click **Next**.
![Connector Setup window - select ArcSight FlexConnector REST](images/hp-2.png) ![Connector Setup window - select ArcSight FlexConnector REST](images/hp-2.png)
5. Generate a refresh token to use in the installer:
a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\<descriptive_name>\current\bin`.
b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`.
A Web browser window will open.
c. Type in your credentials then click on the password field to let the page redirect.
d. In the login prompt enter your `DOMAIN\alias` [AVIV - ARE WE SURE OUR CUSTOMERS FULLOW THE SAME DOMAIN\ALIAS FORMAT?] and your password. After some redirects and providing permission to the app, a token is provided in the command prompt.
f. Save the token in a secure location.
6. Type the following information in the parameter details form. All other values in the form are optional and can be left blank. 6. Type the following information in the parameter details form. All other values in the form are optional and can be left blank.
![Connector Setup - Enter parameter details](images/hp-3.png)
Field | Value Field | Value
:---|:--- :---|:---
Configuration File | Type in the name of the client property file. It must match the client property file. Configuration File | Type in the name of the client property file. It must match the client property file.
Events URL | https://DataAccess-PRD.trafficmanager.net:444/api/alerts Events URL | https://DataAccess-PRD.trafficmanager.net:444/api/alerts
Authentication Type | OAuth 2 Authentication Type | OAuth 2
OAuth 2 Client Properties file | Select wdatp-connector.properties. OAuth 2 Client Properties file | Select wdatp-connector.properties.
Refresh Token | Paste the refresh token you generated in the previous step. Refresh Token | [JOEY fix this part!!] User either the URL or the restutil tool. <br> a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\<descriptive_name>\current\bin`. b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`.A Web browser window will open. c. A browser will open. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is provided in the command prompt.
You can leave the destination parameter fields with the default values. ![Connector Setup - Enter parameter details](images/hp-3.png)
7. You can leave the destination parameter fields with the default values.
![Connector Setup - Enter parameter details](images/hp-5.png) ![Connector Setup - Enter parameter details](images/hp-5.png)
Type in a name for the connector. You can leave the other fields blank. Type in a name for the connector. You can leave the other fields blank.