Warning: This app is archived.


Microsoft 365 Defender Add-on for Splunk

**** UPDATE **** This add-on functionality has been replaced by the following:
* Data collection is now in the Splunk Add-on for Microsoft Security - https://splunkbase.splunk.com/app/6207/
* Dashboards are now in the Microsoft 365 Add-on for Splunk - https://splunkbase.splunk.com/app/3786/

The Microsoft 365 Defender Add-on for Splunk collects incidents and related information from Microsoft 365 Defender and/or alerts from Microsoft Defender for Endpoint.

Microsoft 365 Defender Incidents
* Incident (impossible travel, activity from Tor IP, suspicious inbox forwarding, successful logon using potentially stolen credentials, etc.)
* Assignee
* Classification
* Severity
* Status
* Alerts associated with the Incident

Microsoft Defender for Endpoint Alerts
* Categories (Malware, Initial Access, Execution, etc.)
* Detection source
* Evidence
* Computer name
* Related user
* Severity
* Status

Built by Splunk Works

Latest Version 1.3.0
May 21, 2021
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2
CIM Version: 4.x
Support
Not Supported

Created By

Splunk Works

Contributors

Jason Conger

Type

addon

Downloads

6,101
