Splunk Add-on for Microsoft Security

Version: 2.4.1
Vendor Products: Microsoft 365 Defender, Defender for Endpoint, Azure Event Hubs, Microsoft Defender Threat Intelligence
Visible in Splunk Web: Yes, this add-on contains configuration

The Splunk Add-on for Microsoft Security collects incidents and related information from Microsoft 365 Defender and alerts from Microsoft Defender for Endpoint.

This add-on also collects simulation data from Microsoft Defender for Endpoint, and Microsoft 365 Defender Advanced Hunting event data from Azure Event Hubs, which the Microsoft Defender portal streams in real time using the streaming API.

This add-on also collects Microsoft Defender Threat Intelligence data.

Download the Splunk Add-on for Microsoft Security from Splunkbase.