deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix notes and warnings

Browse Source
This commit is contained in:
Joey Caparas 2017-03-22 15:25:07 -07:00
parent ae0db8ec8a
commit c5e0342956
6 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
View File

@ -68,8 +68,9 @@ The following steps assume that you have completed all the required steps in [Be
- WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\ - WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\
>[!NOTE] > [!NOTE]
>You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool. > You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool.
4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**. 4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**.
5. Select Type: **ArcSight FlexConnector REST** and click **Next**. 5. Select Type: **ArcSight FlexConnector REST** and click **Next**.

10
windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
View File

@ -42,14 +42,16 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
2. Click **Search & Reporting**, then **Settings** > **Data inputs**. 2. Click **Search & Reporting**, then **Settings** > **Data inputs**.
3. Click **REST** under **Local inputs**. 3. Click **REST** under **Local inputs**.
> [!NOTE]
> This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). > [!NOTE]
> This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/).
4. Click **New**. 4. Click **New**.
5. Type the following values in the required fields, then click **Save**: 5. Type the following values in the required fields, then click **Save**:
> [!NOTE]
>All other values in the form are optional and can be left blank. > [!NOTE]
> All other values in the form are optional and can be left blank.
<table> <table>
<tbody style="vertical-align:top;"> <tbody style="vertical-align:top;">

6
windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
View File

@ -31,9 +31,9 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee
3. Copy the individual values or select **Save details to file** to download a file that contains all the values. 3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
>[!WARNING] > [!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place. > The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
>For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). > For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
4. Select **Generate tokens** to get an access and refresh token. 4. Select **Generate tokens** to get an access and refresh token.

11
windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
View File

@ -29,13 +29,14 @@ Enable security information and event management (SIEM) integration so you can p
2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant. 2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
>[!WARNING] > [!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place. > The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
>For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). > For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
3. Choose the SIEM type you use in your organization. 3. Choose the SIEM type you use in your organization.
>[!NOTE]
>If you select HP ArcSight, you'll need to save these two configuration files: > [!NOTE]
> If you select HP ArcSight, you'll need to save these two configuration files:
> - WDATP-connector.jsonparser.properties > - WDATP-connector.jsonparser.properties
> - WDATP-connector.properties > - WDATP-connector.properties
> If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**. > If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**.

6
windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md
View File

@ -23,10 +23,12 @@ localizationpriority: high
During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu. During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
1. In the navigation pane, select **Preferences setup** > **General**. 1. In the navigation pane, select **Preferences setup** > **General**.
2. Modify settings such as data retention policy or the industry that best describes your organization. 2. Modify settings such as data retention policy or the industry that best describes your organization.
>[!NOTE] > [!NOTE]
>Other settings are not editable. > Other settings are not editable.
3. Click **Save preferences**. 3. Click **Save preferences**.

BIN
windows/keep-secure/images/rules-legend.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 75 KiB