Latest Version 1.3.0
May 21, 2021
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Microsoft 365 Defender Add-on for Splunk
**** UPDATE **** This add-on functionality has been replaced by the following: * Data collection is now in the Splunk Add-on for Microsoft Security - https://splunkbase.splunk.com/app/6207/ * Dashboards are now in the Microsoft 365 Add-on for Splunk - https://splunkbase.splunk.com/app/3786/
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
**** UPDATE **** This add-on functionality has been replaced by the following:
* Data collection is now in the Splunk Add-on for Microsoft Security - https://splunkbase.splunk.com/app/6207/
* Dashboards are now in the Microsoft 365 Add-on for Splunk - https://splunkbase.splunk.com/app/3786/
The Microsoft 365 Defender Add-on for Splunk collects incidents and related information from Microsoft 365 Defender and/or alerts from Microsoft Defender for Endpoint.
Microsoft 365 Defender Incidents
* Incident (impossible travel, activity from Tor IP, suspicious inbox forwarding, successful logon using potentially stolen credentials, etc.)
* Assignee
* Classification
* Severity
* Status
* Alerts associated with the Incident
Microsoft Defender for Endpoint Alerts
* Categories (Malware, Initial Access, Execution, etc.)
* Detection source
* Evidence
* Computer name
* Related user
* Severity
* Status
Categories
Created By
Splunk Works
Contributors
Jason Conger
Type
addon
Downloads
6,150
Licensing
Splunk Answers
Resources
Log in to report this app listing