icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Microsoft Graph Security Score Add-on
SHA256 checksum (microsoft-graph-security-score-add-on_101.tgz) a313ba45c01b360ebb25b577948ae722dbe9d5bc2ae506f5036a2ea75406b907 SHA256 checksum (microsoft-graph-security-score-add-on_100.tgz) 0ac7f4de52dfc9a59e6ebbc5246bb1ed1efc9dcfd0e0cb06033e86a0754b9acb
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Microsoft Graph Security Score Add-on

Overview
Details
The Microsoft Graph Security Score Add-on for Splunk allows users to collect their Azure (Office 365) Security Score from Microsoft's Security Graph API. It consists of Python scripts that collect the required/necessary data to configure the account information.

OVERVIEW

The Microsoft Graph Security Score Add-on for Splunk allows users to collect their Azure (Office 365) Security Score from Microsoft's Security Graph API. It consists of Python scripts that collect the required/necessary data to configure the account information.

  • Author - CrossRealms International Inc.
  • Creates Index - False
  • Supported Browser: Google Chrome, Mozilla Firefox, Safari

TOPOLOGY AND SETTING UP SPLUNK ENVIRONMENT

There are two ways to setup this app:
1. Standalone Mode:
* Install the Microsoft Graph Security Score Add-on for Splunk.
2. Distributed Mode:
* The Add-on can be installed on search head, but it is not required. The Add-on configuration is not required on search head. (The Add-on contains a dashboard to show Microsoft Graph Security Score.)
* Install the Microsoft Graph Security Score Add-on for Splunk on the heavy forwarder.
* Configure the Add-on to collect the required information from the Microsoft Graph API on the heavy forwarder.
* The Add-on do not support universal forwarder.
* The Add-on is not required on an indexer.

DEPENDENCIES

  • There are no external dependencies for this Add-on.

INSTALLATION

The Add-on needs to be installed on the Search Head and heavy forwarder.

  • From the Splunk Home page, click the gear icon next to Apps.
  • Click Browse more apps.
  • Search for Microsoft Graph Security Score Add-on.
  • Click Install.
  • If prompted, restart Splunk.

DATA COLLECTION & CONFIGURATION

Configuration Required on Azure

Configure Data Input

  1. Navigate to Microsoft Graph Security Score Add-on for Splunk > Input on Splunk UI.
  2. Click on Create New Input.
  3. Add the following parameters:
Parameter Description
Name Enter a unique name for the input.
Interval Interval in seconds (how often the Add-on should collect the latest data from the Microsoft Graph API). The ideal value is between 3600 (1 hour) - 14400 (4 hours)
Index Enter the index name in which the Graph API data will be stored in Splunk.
Azure AD Tenant ID Obtain the Tenant ID (Directory) from Azure AD.
Application Id Obtain the Application ID (Client) from Azure AD.
Client Secret Obtain the Client Secret from Azure AD.
  1. Click on Save.

UNINSTALL ADD-ON

  1. SSH to the Splunk instance.
  2. Navigate to apps ($SPLUNK_HOME/etc/apps).
  3. Remove the TA-microsoft-graph-security-score folder from the apps directory.
  4. Restart Splunk.

OPEN SOURCE COMPONENTS AND LICENSES

CONTRIBUTORS

  • Bhavik Bhalodia
  • Vatsal Jagani
  • Usama Houlila
  • Preston Carter
  • Ahad Ghani

SUPPORT

Release Notes

Version 1.0.1
Aug. 25, 2021

Changes to make compatible with the latest Splunk AppInspect - Dashboards version changed to 1.1.

Version 1.0.0
Aug. 10, 2021
  • Created Add-on by UCC Splunk-Python library.
  • Added the configuration pages.
18
Installs
54
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.