Joey Caparas
2017-03-16 17:45:31 -07:00
parent 8d203ff0e0
commit b81897ac6c
2 changed files with 5 additions and 5 deletions


@ -772,7 +772,7 @@
##### [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
#### [Pull alerts using REST API](pull-alerts-using-api-windows-defender-advanced-threat-protection.md)
#### [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
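Review bot: The renamed TOC entry also changes its link target, from pull-alerts-using-api-windows-defender-advanced-threat-protection.md to pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md, yet the commit lists only 2 changed files and neither of the diffs shown renames or adds a topic. Please confirm that a file with the new name already exists in the repository; if it does not, this entry resolves to a missing page and the "Windows Defender ATP alert API fields" child entry sits under a broken parent.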


@ -1,6 +1,6 @@
---
title: Pull alerts and create custom indicators in Windows Defender Advanced Threat Protection
description: Learn how to configure supported security information and events management tools to receive and pull alerts and create custom indicators using REST API.
title: Configure SIEM tools to pull alerts in Windows Defender Advanced Threat Protection
description: Learn how to configure supported security information and events management tools to receive and pull alerts using REST API.
keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
search.product: eADQiWindows 10XVcnh
ms.prod: w10
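Review bot: The keywords line directly under the new description still carries "custom indicators" and "indicators of compromise", although the title and description now drop custom indicators from this topic's scope. Suggest trimming the keywords in the same change so search metadata matches what the page covers, or noting why they are kept.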
@ -11,7 +11,7 @@ author: mjcaparas
localizationpriority: high
---
# Pull alerts and create custom indicators
# Configure SIEM tools to pull alerts
**Applies to:**
@ -37,7 +37,7 @@ To use either of these supported SIEM tools you'll need to:
- [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
For list of fields exposed in the alerts API see Windows Defender ATP alert API fields (change title of the page according to link and add this part only once we finish working on the article with table of fields)
For more information on the list of fields exposed in the alerts API, see [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md.)
## Pull Windows Defender ATP alerts using REST API
Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts using REST API.
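Review bot: The new "For more information" sentence puts the closing period inside the link target, so the URL ends in ".md." and will not resolve. Move the period outside the parentheses, so the target ends in protection.md and the sentence ends with ")." instead of ".)".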