Release notes for the Splunk Add-on for Microsoft Security
About this release
Version 2.5.0 of the Splunk Add-on for Microsoft Security was released on April 29, 2025. It is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 9.1.x, 9.2.x, 9.3.x |
---|---|
CIM | 5.3.2 |
Platforms | Windows, Linux based Operating Systems |
Vendor Products | Microsoft 365 Defender, Defender for Endpoint, Azure Event Hubs, Microsoft Defender Threat Intelligence |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
- This release contains a new input responsible for pulling data from the Microsoft List Machines API, mTLS support, and two new event types: `ms_security_machines` and `ms_security_eventhub_url_click_event`.
Known issues
Version 2.5.0 of the Splunk Add-on for Microsoft Security contains the following known issues.
Third-party software attributions
Version 2.5.0 incorporates third-party software attributions for the Splunk Add-on for Microsoft Security.