Joey Caparas 2017-03-14 11:51:13 -07:00
parent 1fc504eff8
commit da24d27ec4

@ -69,4 +69,5 @@ Image label | SIEM field name | Description | Matching field in portal
27 | Sha256 | Sha256 of file observed | File Sha256 in file side pane (when available) 27 | Sha256 | Sha256 of file observed | File Sha256 in file side pane (when available)
28 | Md5 | Md5 of file observed | File Md5 in file side pane (when available) 28 | Md5 | Md5 of file observed | File Md5 in file side pane (when available)
>[!NOTE] A single AlertID represents an IOA detection and may contain multiple IOCs. In such a cases, they will be exported to the SIEM tool as multiple instances. For every instance with the same AlertID, fields #1-8 will be identical while fields #9-18 will be different according to the new IOC information. Fields #20-28 are related to Windows Defender AV alerts. >[!NOTE]
>A single AlertID represents an IOA detection and may contain multiple IOCs. In such a cases, they will be exported to the SIEM tool as multiple instances. For every instance with the same AlertID, fields #1-8 will be identical while fields #9-18 will be different according to the new IOC information. Fields #20-28 are related to Windows Defender AV alerts.
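Review bot: the phrase "In such a cases" in the note body (the line beginning ">A single AlertID") is still ungrammatical after the split; since this change already rewrites that line, it should read "In such cases". While touching it, the ranges "#1-8", "#9-18" and "#20-28" leave field #19 unaccounted for, so either the note should state which group it belongs to or the last range should be adjusted (for example "#19-28") to match the table above.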