new troubleshoot topic - get secret

2025-06-17 11:23:45 +00:00 · 2017-03-29 13:55:39 -07:00
parent 5c41712e45
commit d2f42e3f43
6 changed files with 57 additions and 0 deletions
--- a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
@ -78,3 +78,4 @@ Portal label  | SIEM field name | Description
 - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
@ -183,3 +183,4 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
 - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
@ -138,3 +138,4 @@ Use the solution explorer to view alerts in Splunk.
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
@ -53,3 +53,4 @@ You can now proceed with configuring your SIEM solution or connecting to the ale
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 - [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@ -193,3 +193,4 @@ HTTP error code | Description
 - [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
 - [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
 - [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@ -0,0 +1,52 @@
+---
+title: Troubleshoot SIEM tool integration issues in Windows Defender ATP
+description: Troubleshoot issues that might arise when using SIEM tools with Windows Defender ATP.
+keywords: troubleshoot, siem, client secret, secret
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+
+# Troubleshoot SIEM tool integration issues
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+You might need to troubleshoot issues while pulling alerts in your SIEM tools.
+
+This page provides detailed steps to troubleshoot issues you might encounter.
+
+
+## Learn how to get a new client secret
+If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application,  you'll need to get a new secret.
+
+1. Login to the [Azure management portal](https://ms.portal.azure.com).
+
+2. Select **Active Directory**.
+
+3. Select your tenant.
+
+4. Click **Application**, then select your custom threat intelligence application. The application name is **GET FROM SME**.
+
+5. Select **Keys** section, then provide a key description and specify the key validity duration.
+
+6. Click **Save**. The key value is displayed.
+
+7. Copy the value and save it in a safe place.
+
+
+## Related topics
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)