From ff3ffa2d4569c48f05114cb41f73e2a2edfceeb0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Oct 2017 13:18:38 -0700 Subject: [PATCH] add note re: generate new tokens 90 days --- ...ntegration-windows-defender-advanced-threat-protection.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md index 237d8c2a56..3e23f243aa 100644 --- a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -51,9 +51,14 @@ Enable security information and event management (SIEM) integration so you can p 4. Copy the individual values or select **Save details to file** to download a file that contains all the values. 5. Select **Generate tokens** to get an access and refresh token. + + > [!NOTE] + > You'll need to generate new Access token every 90 days. You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal. + + ## Related topics - [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) - [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)