portal mapping updates

windows/keep-secure/TOC.md

@@ -768,12 +768,12 @@
 ######## [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
 ######## [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
 ######## [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-#### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
+#### [Configure SIEM tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
 #### [Pull alerts using REST API](generic-api-windows-defender-advanced-threat-protection.md)
-##### [SIEM schema portal mapping](siem-portal-mapping-windows-defender-advanced-threat-protection.md)
+##### [SIEM schema portal mapping](api-portal-mapping-windows-defender-advanced-threat-protection.md)
 #### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
 ##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
 ##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)

windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md

@@ -1,7 +1,7 @@
 ---
-title: Security information and events management (SIEM) schema and portal mapping
+title: Windows Defender ATP alert API fields
-description: Understand how the SIEM schema maps to the values in the Windows Defender ATP portal.
+description: Understand how the alert API fields map to the values in the Windows Defender ATP portal.
-keywords: alerts, pull alerts, rest api, request, response,
+keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -11,7 +11,7 @@ author: mjcaparas
 localizationpriority: high
 ---
 
-# SIEM schema portal mapping
+# Windows Defender ATP alert API fields
 
 **Applies to:**
 

windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md

@@ -37,7 +37,7 @@ To use either of these supported SIEM tools you'll need to:
     - [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
     - [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
 
-For list of fields exposed in the Alerts API see Windows Defender ATP Alerts API fields (change title of the page according to link and add this part only once we finish working on the article with table of fields)
+For list of fields exposed in the alerts API see Windows Defender ATP alert API fields (change title of the page according to link and add this part only once we finish working on the article with table of fields)
 
 ## Pull Windows Defender ATP alerts using REST API
 Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts using REST API.