Splunk® Supported Add-ons

Splunk Add-on for Microsoft Security


Hardware and software requirements

You must have an Azure Active Directory application registration to use this add-on. The Azure Active Directory account must be configured with tenant_id, client_id, and client_secret. You use these parameters to configure the accounts and inputs in the add-on to start data collection in Splunk.

  • Refer to the Microsoft docs for information about setting up an Azure Active Directory application registration with the appropriate permissions for Microsoft Defender for Endpoint and Microsoft Defender for Endpoint incidents.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements for the Splunk software that you use to run this add-on also apply.

  • For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
Last modified on 24 April, 2024

This documentation applies to the following versions of Splunk® Supported Add-ons: released

