Forum Discussion

rs8091's avatar
rs8091
Copper Contributor
Sep 07, 2021

Splunk integration ATP Defender

Hello, we are looking at Microsoft 365 ATP Defender and we are struggling with the integration with Splunk due some missing fields in the logs, did anyone was succesful to do this? Thank you! RS
siem
rs8091's avatar
rs8091
Copper Contributor
Nov 17, 2021

Jake_Mowrer Hello, this app is not supported by Splunk, we tried to explain it to Microsoft support several times.

 

Apps and add-ons published either by Splunk or third-party developers. Indicates that no support or maintenance are provided by the publisher.
Customers are solely responsible for ensuring proper functionality and version compatibility of Not-supported apps and add-ons with the applicable Splunk software. If unresolvable functional or compatibility issues are encountered, customers may be required to uninstall the app or add-on from their Splunk environment in order for Splunk to fulfill support obligations.

 

Are you aware of this?
Thank you

Michael Shalev's avatar
Michael Shalev
Former Employee
Dec 04, 2021

rs8091 - Thank you for your comments.

The Splunk supported Microsoft 365 Defender Add-on for Splunk will be released in the near future.

We'll announce it and news about other SIEM connectors here in the Tech Community.

 

Thanks,

Michael Shalev 

  • cvue-snl's avatar
    cvue-snl
    Copper Contributor
    Jan 19, 2022

    Michael ShalevAny update on the when this new supported version of M365 Defender for Endpoint Add-on for Splunk will be available?

    • Michael Shalev's avatar
      Michael Shalev
      Former Employee
      Jan 19, 2022

      cvue-snl - thanks for your question.

      We're waiting for the new Add-on to complete Splunk's deployment process - I will update here when I receive notice that deployment is complete

Resources