Microsoft Defender Advanced Hunting Add-on for Splunk

DEPRECATION NOTICE: THIS IS THE FINAL VERSION OF THIS ADD-ON. THE FUNCTIONALITY HAS BEEN INCORPORATED INTO THE SPLUNK ADD-ON FOR MICROSOFT SECURITY: https://splunkbase.splunk.com/app/6207

Built by Splunk

Latest Version 1.4.2
January 9, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.1, 10.0, 9.4, 9.3, 9.2, 9.1, 9.0, 8.2
CIM Version: 6.x, 5.x, 4.x
Rating
0 (0)
Support
Not Supported
Ranking
#2 in Endpoint
#44 in Security, Fraud & Compliance
This add-on provides field extractions and CIM compatibility with the Endpoint data model for Microsoft Defender Advanced Hunting data. The data is similar in content to Sysmon data and can be used by detection searches in, for example, Splunk Enterprise Security Content Update. Future versions may include support for Microsoft Defender for Office 365, Microsoft Defender for Identity and other products in the Microsoft 365 suite. Please see the Details tab for more info.

Categories

Endpoint, Security, Fraud & Compliance

Created By

Splunk Works

Contributors

Mikael Bjerkeland

Type

addon

Downloads

44,857
