From df0fcbbd7f118c8d4dfdedb968fd47f00627b249 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 31 Oct 2018 16:41:27 -0700 Subject: [PATCH] add note --- ...sing-rest-api-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 52d6e869ad..41f2560c89 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -42,7 +42,7 @@ The _Client credential flow_ uses client credentials to authenticate against the Use the following method in the Windows Defender ATP API to pull alerts in JSON format. >[!NOTE] ->Only alerts with a status as "new" are pulled. Alerts that are "in progress" or "resolved" will not be pulled. +>The Windows Defender Security Center merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering. ## Before you begin - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).