From d2f42e3f4398b483bb7c9d96e2188dd923241a78 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 29 Mar 2017 13:55:39 -0700
Subject: [PATCH] new troubleshoot topic - get secret

---
 ...ows-defender-advanced-threat-protection.md |  1 +
 ...ows-defender-advanced-threat-protection.md |  1 +
 ...ows-defender-advanced-threat-protection.md |  1 +
 ...ows-defender-advanced-threat-protection.md |  1 +
 ...ows-defender-advanced-threat-protection.md |  1 +
 ...ows-defender-advanced-threat-protection.md | 52 +++++++++++++++++++
 6 files changed, 57 insertions(+)
 create mode 100644 windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md

diff --git a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
index d551629b2e..b3c77c715f 100644
--- a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -78,3 +78,4 @@ Portal label  | SIEM field name | Description
 - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
index 21b8b172ec..24a44e8c0a 100644
--- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -183,3 +183,4 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
 - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
index f40c7d579d..976071237b 100644
--- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -138,3 +138,4 @@ Use the solution explorer to view alerts in Splunk.
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
index a645f8ccad..d58165e02a 100644
--- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -53,3 +53,4 @@ You can now proceed with configuring your SIEM solution or connecting to the ale
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 670143cd10..785b003629 100644
--- a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -193,3 +193,4 @@ HTTP error code | Description
 - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..a032c56479
--- /dev/null
+++ b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,52 @@
+---
+title: Troubleshoot SIEM tool integration issues in Windows Defender ATP
+description: Troubleshoot issues that might arise when using SIEM tools with Windows Defender ATP.
+keywords: troubleshoot, siem, client secret, secret
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+
+# Troubleshoot SIEM tool integration issues
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+You might need to troubleshoot issues while pulling alerts in your SIEM tools.
+
+This page provides detailed steps to troubleshoot issues you might encounter.
+
+
+## Learn how to get a new client secret
+If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application,  you'll need to get a new secret.
+
+1. Login to the [Azure management portal](https://ms.portal.azure.com).
+
+2. Select **Active Directory**.
+
+3. Select your tenant.
+
+4. Click **Application**, then select your custom threat intelligence application. The application name is **GET FROM SME**.
+
+5. Select **Keys** section, then provide a key description and specify the key validity duration.
+
+6. Click **Save**. The key value is displayed.
+
+7. Copy the value and save it in a safe place.
+
+
+## Related topics
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)