About the Splunk Add-on for Microsoft Security
Version | 2.2.0 |
Vendor Products | Microsoft 365 Defender, Defender for Endpoint, Azure Event Hubs |
Visible in Splunk Web | Yes, this add-on contains configuration |
The Splunk Add-on for Microsoft Security collects incidents and related information from Microsoft 365 Defender and alerts from Microsoft Defender for Endpoint.
The add-on also collects simulation data from Microsoft Defender for Endpoint, and Microsoft 365 Defender Advanced Hunting event data from Azure Event Hubs, which is streamed in real time from the Microsoft Defender portal using the streaming API.
Download the Splunk Add-on for Microsoft Security from Splunkbase at https://splunkbase.splunk.com/app/6207.
This documentation applies to the following versions of Splunk® Supported Add-ons: released