deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 19:33:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

new troubleshoot topic - get secret

Browse Source
This commit is contained in:
Joey Caparas
2017-03-29 13:55:39 -07:00
parent 5c41712e45
commit d2f42e3f43
6 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
View File

@ -78,3 +78,4 @@ Portal label | SIEM field name | Description
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)

1
windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
View File

@ -183,3 +183,4 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)

1
windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
View File

@ -138,3 +138,4 @@ Use the solution explorer to view alerts in Splunk.
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)

1
windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
View File

@ -53,3 +53,4 @@ You can now proceed with configuring your SIEM solution or connecting to the ale
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)

1
windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
View File

@ -193,3 +193,4 @@ HTTP error code | Description
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)

52
windows/keep-secure/troubleshoot-siem-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,52 @@
---
title: Troubleshoot SIEM tool integration issues in Windows Defender ATP
description: Troubleshoot issues that might arise when using SIEM tools with Windows Defender ATP.
keywords: troubleshoot, siem, client secret, secret
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Troubleshoot SIEM tool integration issues
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
You might need to troubleshoot issues while pulling alerts in your SIEM tools.
This page provides detailed steps to troubleshoot issues you might encounter.
## Learn how to get a new client secret
If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application, you'll need to get a new secret.
1. Login to the [Azure management portal](https://ms.portal.azure.com).
2. Select **Active Directory**.
3. Select your tenant.
4. Click **Application**, then select your custom threat intelligence application. The application name is **GET FROM SME**.
5. Select **Keys** section, then provide a key description and specify the key validity duration.
6. Click **Save**. The key value is displayed.
7. Copy the value and save it in a safe place.
## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)