deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add note

Browse Source
This commit is contained in:
Joey Caparas
2018-10-31 16:41:27 -07:00
parent 6254ea4511
commit df0fcbbd7f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
View File

@ -42,7 +42,7 @@ The _Client credential flow_ uses client credentials to authenticate against the
Use the following method in the Windows Defender ATP API to pull alerts in JSON format.
>[!NOTE]
>Only alerts with a status as "new" are pulled. Alerts that are "in progress" or "resolved" will not be pulled.
>The Windows Defender Security Center merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering.
## Before you begin
- Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).