Defender ATP logs and SPLUNK

We have had constant issues with our SPLUNK puller ever since we onboarded Defender ATP logs. During my search on the web I do hear chatter on the SPLUNK community about an MS-created SPLUNK app. Is there any experience someone could share on Defender logs or best practices? Thanks in advance.