A new add-on from Microsoft enables customers to easily integrate security alerts and insights from its security products, services, and partners in Splunk Enterprise. The new Splunk add-on is built by Microsoft, certified by Splunk, and is available on Splunkbase at no additional cost.
This add-on, powered by the Microsoft Graph Security API, supports streaming of alerts from the following Microsoft and partner solutions into Splunk using a single add-on and common schema, enabling easier correlation of data across these products:
Note: Security products are continuously onboarded; Refer to the Microsoft Graph Security alerts providers table for the latest product list.
Since the new add-on extends support across a broader set of security products, it will replace the Azure Monitor add-on for Splunk as the preferred method for integrating with the Microsoft Graph Security API.
Follow these steps to install and configure the app. Refer to the documentation for more details.
Now you can use your Microsoft Graph Security alerts for further processing in Splunk, in dashboards, etc.
If you have Splunk and relevant add-ons running behind a proxy server, follow the additional steps for Splunk behind a Proxy Server in the installation documentation for this add-on.
We are working to enable support for this add-on on Splunk Cloud. We would love to hear your feedback on this add-on so that we can factor that before making it available on Splunk Cloud. Please share your feedback by filing a GitHub issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.