The Splunk Add-on for Microsoft Security is now available
Published Feb 17 2022 10:17 AM 24.2K Views

We're happy to share that the Splunk-supported Splunk Add-on for Microsoft Security is now available. This add-on maps the Microsoft Defender for Endpoint Alerts API properties or the Microsoft 365 Defender Incidents API properties onto Splunk's Common Information Model (CIM).


The update incidents and update alerts functionality as well as the dashboards that were available in the Microsoft 365 Defender Add-on for Splunk 1.3.0 have now moved to the Microsoft 365 App for Splunk 3.3.0 in Splunkbase.


The Splunk SOAR Windows Defender ATP App 3.5.2 supports 30 additional Microsoft Defender for Endpoint API calls (see Additional Information below).


Additional Information:


The Microsoft Defender for Endpoint Team

Version history
Last update:
‎Jul 10 2023 07:31 PM
Updated by: