update topic title, update arcsight content

Joey Caparas
2017-03-16 17:29:48 -07:00
parent 95d998eb96
commit fc72171951
2 changed files with 5 additions and 5 deletions


@ -773,7 +773,7 @@
##### [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
#### [Pull alerts using REST API](generic-api-windows-defender-advanced-threat-protection.md)
##### [SIEM schema portal mapping](api-portal-mapping-windows-defender-advanced-threat-protection.md)
##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
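Review bot: the renamed TOC entry "Windows Defender ATP alert API fields" still links to api-portal-mapping-windows-defender-advanced-threat-protection.md, and that topic does not appear among the 2 changed files in this commit, so the TOC label and the topic's own title may now disagree. Confirm the title inside that file already reads the same, or update it in this change. Keeping the old file name for link stability is fine, but the TOC text and the topic title should be identical.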


@ -62,7 +62,7 @@ The following steps assume that you have completed all the required steps in [Be
You can keep the default values for each of these tasks or modify the selection to suit your requirements.
3. Open File Explorer and put the two configuration files in the installation location, for example:
3. Open File Explorer and locate the two configuration files you saved when you enabled the SIEM integration feature. Put the two files in the SmartConnector installation location, for example:
- WDATP-connector.jsonparser.properties: C:\\*folder_location*\current\user\agent\flexagent\
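Review bot: the example under the new step 3 spells the file "WDATP-connector.jsonparser.properties", while the Configuration File row later in this topic uses "WDATP-Connector.jsonparser.properties" and tells the reader the name must match. Pick one casing and use it everywhere so a reader who copies the name gets the same string in both places. The new sentence also describes the files as "saved when you enabled the SIEM integration feature", whereas the table cells changed in this commit call the source "the .zip that you downloaded"; use one description of where the files come from.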
@ -84,8 +84,8 @@ The following steps assume that you have completed all the required steps in [Be
</tr>
<tr>
<td>Configuration File</td>
<td>Type in the name of the client property file. It must match the client property file.
For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", the field must be names as the suffix which is "WDATP-Connector".</td>
<td>Type in the name of the client property file. The name must match the file provided in the .zip that you downloaded.
For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", you must type "WDATP-Connector" as the name of the client property file.</td>
</tr>
<td>Events URL</td>
<td>Depending on the location of your datacenter, select either the EU or the US URL: </br></br> **For EU**: https://<i></i>wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
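Review bot: in the new Configuration File cell, "The name must match the file provided in the .zip that you downloaded" reads as if the full file name is expected, but the example that follows has the reader type only "WDATP-Connector". State explicitly that the value is the file name without the ".jsonparser.properties" part. Separately, the Events URL row in the trailing context starts with `<td>` directly after `</tr>`, with no opening `<tr>`; that is worth fixing while this table is being edited.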
@ -95,7 +95,7 @@ The following steps assume that you have completed all the required steps in [Be
<td>OAuth 2</td>
</tr>
<td>OAuth 2 Client Properties file</td>
<td>Browse to the location of the *wdatp-connector.properties* file.</td>
<td>Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.</td>
<tr>
<td>Refresh Token</td>
<td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM integration preferences setup** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d. A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
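Review bot: the sentence added to the OAuth 2 Client Properties file cell, "The name must match the file provided in the .zip that you downloaded", does not say what has to match, which is confusing for a field where the reader browses to a file. If the intent is that the file must not be renamed after download, say that directly. The row is also missing its opening `<tr>` (its cells follow a `</tr>`, and the `<tr>` only appears after them), and step c of the Refresh Token cell asks for credentials in two consecutive sentences without saying whether these are two separate prompts.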