Skip to content

Hardware and software requirements

You must have an Azure Active Directory application registration to use this add-on. The Azure Active Directory account must be configured with tenant_id, client_id, and client_secret. You use these parameters to configure the accounts and inputs in the add-on to start data collection in Splunk.

  • Refer to the Microsoft docs for information about setting up an Azure Active Directory application registration with the appropriate permissions for Microsoft Defender for Endpoint and Microsoft Defender for Endpoint incidents.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all the system requirements apply for the Splunk software that you use to run this add-on.

  • For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.

  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.