From 28a81362bffc836452b8ef5d355d78cd7a038fbd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 22 May 2020 15:05:55 -0700 Subject: [PATCH 1/2] remove from toc fix redirect --- .openpublishing.redirection.json | 2 +- windows/security/threat-protection/TOC.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 863e6b22b7..bf51ddcd42 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1353,7 +1353,7 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-siem", "redirect_document_id": false }, { diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 75641809bf..50032d076f 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -573,7 +573,6 @@ ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) -##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md) ##### [Configure Micro Focus ArcSight to pull detections](microsoft-defender-atp/configure-arcsight.md) ##### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md) ##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) From 73ff781a3c6e503aeddc7ace4453ffc1306430a2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 22 May 2020 15:09:46 -0700 Subject: [PATCH 2/2] fix bullet --- .../microsoft-defender-atp/configure-siem.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md index 0d95a0d4e0..d5f2d69d6c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md @@ -27,10 +27,10 @@ ms.topic: article ## Pull detections using security information and events management (SIEM) tools ->[!Note] +>[!NOTE] >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details. ->-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). +>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.