update based on sme feedback

Joey Caparas 2017-01-13 13:53:37 -08:00
parent 6e1ba3c78b
commit b39b7173ce

@ -38,12 +38,11 @@ This section guides you in getting the necessary information to set and use the
- **client_ID**: OAuth 2 Client ID
- **client_secret**: OAuth 2 Client secret
- **auth_url**: Append the following to the value you obtained from the AAD app: ```?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ```
- **auth_url**: ```https://login.microsoftonline.com/<tenanID>?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ```
For example: `https://<url>/<value>/oauth2/authorize?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com`
- **token_url**: Use your tenant ID URL [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE HELP PROVIDE TECHNICAL DESCRIPTION]
- **token_url**: `https://login.microsoftonline.com/<tenantID>/oauth2/token`
- **redirect_uri**: ```https://localhost:44300/wdatpconnector```
- **scope**: Leave blank [JOEY: NOT SURE IF THIS IS CORRECT - PLEASE CHECK]
- **scope**: Leave the value blank
3. Download the wdatp-connector.json.properties file. This file is used to parse the information from Windows Defender ATP to HP ArcSight consumable format.
(JOEY: UPLOAD FILE IN DOWNLOAD CENTER)
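Review bot: The auth_url bullet that gives the full `https://login.microsoftonline.com/...` value spells the placeholder `<tenanID>`, while token_url uses `<tenantID>`, and it leaves out the `/oauth2/authorize` path that the "For example" line directly below it includes. Make the value and the example agree, and drop the trailing space inside the code span so a copy-paste does not pick it up. The bracketed "[JOEY: ...]" questions and the "(JOEY: UPLOAD FILE IN DOWNLOAD CENTER)" line are author notes and should be resolved or removed before this text is published. Since this properties list includes client_secret, it would also help to tell readers to restrict who can read the file.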
@ -52,49 +51,39 @@ This section guides you in getting the necessary information to set and use the
The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin).
1. Install the latest 32-bit Windows SmartConnector installer. You can find this in the HPE Software center. The tool is typically installed in `C:\ArcSightSmartConnectors\<descriptive_name>\`.
[AVIV, NEED ALL THE SCREENSHOTS HERE]
[AVIV/BRIAN - WHAT IF THEY WANT TO USE 64-BIT? CAN I THEN JUST REMOVE THE WORDS 32-BIT?]
[JOEY: follow how HP doc'd it. just put the bullet list.]
>!NOTE:
> descriptive_name is based on the the name of the installer location.
2. Open File Explorer and put the two configuration files in the installation location, for example:
- WDATP-connector.jsonparser.properties: `C:\ArcSightSmartConnectors\<descriptive_name>\current\user\agent\flexagent\`
- WDATP-connector.properties: `C:\ArcSightSmartConnectors\<descriptive_name>\`
[AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE?]
[AVIV - I BELIEVE THERE ARE SEVERAL SCREENS BEFORE THE CONNECTOR SETUP IS DISPLAYED. CAN YOU PROVIDE THOSE PLEASE? yes, Aviv to provide, but joey to doc only - CELA]
3. In the Connector Setup window, select **Add a Connector**.
3.After installation completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**.
![Connector Setup window - select Add a Connector](images/hp-1.png)
4. Select the **ArcSight FlexConnector REST** connector and click **Next**.
![Connector Setup window - select ArcSight FlexConnector REST](images/hp-2.png)
5. Generate a refresh token to use in the installer:
a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\<descriptive_name>\current\bin`.
b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`.
A Web browser window will open.
c. Type in your credentials then click on the password field to let the page redirect.
d. In the login prompt enter your `DOMAIN\alias` [AVIV - ARE WE SURE OUR CUSTOMERS FULLOW THE SAME DOMAIN\ALIAS FORMAT?] and your password. After some redirects and providing permission to the app, a token is provided in the command prompt.
f. Save the token in a secure location.
6. Type the following information in the parameter details form. All other values in the form are optional and can be left blank.
![Connector Setup - Enter parameter details](images/hp-3.png)
Field | Value
:---|:---
Configuration File | Type in the name of the client property file. It must match the client property file.
Events URL | https://DataAccess-PRD.trafficmanager.net:444/api/alerts
Authentication Type | OAuth 2
OAuth 2 Client Properties file | Select wdatp-connector.properties.
Refresh Token | Paste the refresh token you generated in the previous step.
Refresh Token | [JOEY fix this part!!] User either the URL or the restutil tool. <br> a. Open a command prompt. Browse to `C:\ArcSightSmartConnectors\<descriptive_name>\current\bin`. b. Type: `arcsight restutil token -config C:\ArcSightSmartConnectors_Prod\WDATP\WDATP-connector.properties`.A Web browser window will open. c. A browser will open. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is provided in the command prompt.
You can leave the destination parameter fields with the default values.
![Connector Setup - Enter parameter details](images/hp-3.png)
7. You can leave the destination parameter fields with the default values.
![Connector Setup - Enter parameter details](images/hp-5.png)
Type in a name for the connector. You can leave the other fields blank.
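Review bot: The Refresh Token table row still carries the "[JOEY fix this part!!]" placeholder and packs steps a to d into a single cell, with "User either" for "Use either" and the browser-opens sentence stated twice. Finish that text or keep the numbered sub-steps of step 5 instead. The cell version also has no equivalent of "Save the token in a secure location"; keep that instruction, because the refresh token is the credential the connector presents to the Events URL. Smaller points in the same hunk: "3.After installation completes" has no space after the number, so the list item will not render as step 3. The restutil command hard-codes `C:\ArcSightSmartConnectors_Prod\WDATP\` where every other path uses `<descriptive_name>`. Step 2 names the parser file WDATP-connector.jsonparser.properties while the earlier download step calls it wdatp-connector.json.properties. The note has "the the". The [AVIV ...] and "CELA" comments are internal and should not ship.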