Splunk Add-on for Microsoft Security
Version 2.5.0 of the Splunk Add-on for Microsoft Security was released on April 29, 2025. This release adds a new input that pulls data from the Microsoft List Machines API, mTLS support, and two new event types: ms_security_machines and ms_security_eventhub_url_click_event.
| Property | Value |
|---|---|
| Version | 2.5.0 |
| Vendor Products | Microsoft 365 Defender, Defender for Endpoint, Azure Event Hubs, Microsoft Defender Threat Intelligence |
| Visible in Splunk Web | Yes, this add-on contains configuration |
The Splunk Add-on for Microsoft Security collects incidents and related information from Microsoft 365 Defender and alerts from Microsoft Defender for Endpoint.
The add-on also collects simulation data from Microsoft Defender for Endpoint, and Microsoft 365 Defender Advanced Hunting event data from Azure Event Hubs, to which it is streamed in real time from the Microsoft Defender portal using the streaming API.
The add-on also collects Microsoft Defender Threat Intelligence data.
Download the Splunk Add-on for Microsoft Security from Splunkbase.