add note on alerts that are pulled

Joey Caparas 2018-10-26 11:07:16 -07:00
parent 88af5432f8
commit cb7eda9f2a


@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara ms.author: macapara
author: mjcaparas author: mjcaparas
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/24/2018 ms.date: 10/26/2018
--- ---
# Pull Windows Defender ATP alerts using REST API # Pull Windows Defender ATP alerts using REST API
@ -41,6 +41,9 @@ The _Client credential flow_ uses client credentials to authenticate against the
Use the following method in the Windows Defender ATP API to pull alerts in JSON format. Use the following method in the Windows Defender ATP API to pull alerts in JSON format.
>[!NOTE]
>Only alerts with a status as "new" are pulled. Alerts with that are "in progress" or "resolved" will not be pulled.
## Before you begin ## Before you begin
- Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
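Review bot: The added note has a stray "with" in its second sentence ("Alerts with that are "in progress" or "resolved" will not be pulled"), and "with a status as" in the first sentence reads awkwardly. Suggested wording: >Only alerts with a status of "new" are pulled. Alerts that are "in progress" or "resolved" are not pulled. Because this note tells SIEM operators which alerts they will never see through this API, it is worth keeping the wording unambiguous.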