Hardware and software requirements
You must have an Azure Active Directory application registration to use this add-on. The Azure Active Directory account must be configured with tenant_id
, client_id
, and client_secret
. You use these parameters to configure the accounts and inputs in the add-on to start data collection in Splunk.
- Refer to the Microsoft docs for information about setting up an Azure Active Directory application registration with the appropriate permissions for Microsoft Defender for Endpoint and Microsoft Defender for Endpoint incidents.
Splunk platform requirements
Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.
- For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.
- If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
PREVIOUS About the Splunk Add-on for Microsoft Security |
NEXT Installation and configuration overview for the Splunk Add-on for Microsoft Security |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!