Skip to content

Use Dashboards to view the analytics for the Splunk Add-on for Microsoft Security

MS Security TA logs Dashboard

You can view the log analytics and performance data for the Splunk Add-on for Microsoft Security using this dashboard.

  1. Navigate to Add-on UI > Log Analytics > MS Security TA logs.
  2. Select time range from timepicker with label Time for logs in the top left corner.
  3. Now you can view different type of analytics and panels related to TA logs.

Panels provided in this Dashboard include:

  • Microsoft Security TA
  • Roles for the MS Security (Requires DEBUG logs enabled)
  • CPU consumption (Supported only on specific OS)
  • Memory consumption (Supported only on specific OS)
  • ATP Alerts ingested
  • Defender Incidents ingested
    • Defender Incidents
    • Defender Alerts associated with Incidents
  • Events from EventHub ingested
  • Advance Hunting ingested
  • Phishing Simulation Attack ingested
  • EPS by MS Security sourcetype (EPS stands for Events per Second)
  • MS Security .conf current changes
  • MS Security .conf update frequency

MS Security TA Errors Dashboard

You can view the Error analytics and performance data sourcetype wise for the Splunk Add-on for Microsoft Security using this dashboard.

  1. Navigate to Add-on UI > Log Analytics > MS Security TA Errors.
  2. Select time range from the time selector with the label Time for logs in the top left corner.
  3. Now you can view different types of analytics and panels related to the TA logs.

Panels provided in this Dashboard:

  • ATP Alerts errors
  • Defender Incidents errors
  • Defender EventHub Input errors
  • Advance Hunting errors
  • Defender Simulations errors

MDTI ingestion stats Dashboard

On this dashboard, you can view ingestion statistics and performance data presented by sourcetype for the “Microsoft Defender Threat Intelligence Datasets” inputs.

  1. Navigate to Add-on UI > Log Analytics > MDTI ingestion stats.
  2. Select time range from the time selector with the label Time Range in the top left corner.
  3. Select index where the data is ingested.
  4. Now you can view different types of analytics and panels related to the TA logs.

Panels provided in this Dashboard:

  • Events/1m ingestion rate by Sourcetype
  • Events/1m ingestion rate
  • Events ingested by Sourcetype
  • Hosts Ingested by Sourcetype
  • Input Ingestion Stats /1m
  • API Health Metrics /1m
  • Input Log