diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 70133bb672..a4d644c3e2 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md 
@@ -768,12 +768,12 @@ ######## [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) ######## [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) ######## [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) -#### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) +#### [Configure SIEM tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md) ##### [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) -##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +##### [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +##### [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) #### [Pull alerts using REST API](generic-api-windows-defender-advanced-threat-protection.md) -##### [SIEM schema portal mapping](siem-portal-mapping-windows-defender-advanced-threat-protection.md) +##### [SIEM schema portal mapping](api-portal-mapping-windows-defender-advanced-threat-protection.md) #### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) ##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/keep-secure/siem-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md similarity index 92% rename from windows/keep-secure/siem-portal-mapping-windows-defender-advanced-threat-protection.md rename to windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md index 20a45772f7..29f873260a 100644 --- a/windows/keep-secure/siem-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- -title: Security information and events management (SIEM) schema and portal mapping -description: Understand how the SIEM schema maps to the values in the Windows Defender ATP portal. -keywords: alerts, pull alerts, rest api, request, response, +title: Windows Defender ATP alert API fields +description: Understand how the alert API fields map to the values in the Windows Defender ATP portal. +keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# SIEM schema portal mapping +# Windows Defender ATP alert API fields **Applies to:** diff --git a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md index a70a185dc7..768f626ebd 100644 --- a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md 
@@ -37,7 +37,7 @@ To use either of these supported SIEM tools you'll need to: - [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) - [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -For list of fields exposed in the Alerts API see Windows Defender ATP Alerts API fields (change title of the page according to link and add this part only once we finish working on the article with table of fields) +For list of fields exposed in the alerts API see Windows Defender ATP alert API fields (change title of the page according to link and add this part only once we finish working on the article with table of fields) ## Pull Windows Defender ATP alerts using REST API Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts using REST API.
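Review bot: In the TOC.md hunk, the last changed entry points at the renamed file but keeps the old link text, `[SIEM schema portal mapping](api-portal-mapping-windows-defender-advanced-threat-protection.md)`, while the page itself is retitled "Windows Defender ATP alert API fields" in the same commit. Update the TOC label to match the new title so the navigation and the page heading agree. The entry also stays nested under "Pull alerts using REST API", which fits the new title, so only the label needs to change.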
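Review bot: In the front-matter hunk of api-portal-mapping-windows-defender-advanced-threat-protection.md, the new `keywords:` line lists `fields` twice ("alert fields, fields, api, fields, pull alerts"). Drop the duplicate. Because this file is a rename of siem-portal-mapping-windows-defender-advanced-threat-protection.md, also check that no other topic still links to the old filename. This diff only updates the reference in TOC.md.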
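Review bot: In the configure-siem-windows-defender-advanced-threat-protection.md hunk, the added line still carries the internal editing note "(change title of the page according to link and add this part only once we finish working on the article with table of fields)", which would be published as body text. Remove the parenthetical before merging, or hold the sentence back until the fields article is ready, as the note itself says. The sentence also names "Windows Defender ATP alert API fields" without linking it. Since this commit creates api-portal-mapping-windows-defender-advanced-threat-protection.md with that title, make it a link to that file, and fix "For list of fields" to "For a list of fields".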