
Splunk Add-on for Microsoft Security

The Splunk Add-on for Microsoft Security collects incidents and alerts from Microsoft 365 Defender OR alerts from Microsoft Defender for Endpoint.


Latest Version 2.5.4
June 24, 2025
Compatibility
Not Available
Platform Version: 10.0, 9.4, 9.3, 9.2, 9.1
CIM Version: 5.x
Rating

0

(0)

Support
Splunk Supported addon
Ranking

#6

in Security, Fraud & Compliance
Customers currently utilizing Microsoft 365 Defender Add-on for Splunk are strongly recommended to migrate to this new Splunk supported add-on after reading the migration section of the documentation: https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Migrate

Customers migrating from Microsoft 365 Defender Add-on for Splunk who would like to continue using the dashboards it includes should install Microsoft 365 App for Splunk, as the functionality has been moved there: https://splunkbase.splunk.com/app/3786/

Microsoft 365 Defender Incidents

* Incident (impossible travel, activity from Tor IP, suspicious inbox forwarding, successful logon using potentially stolen credentials, etc.)
* Assignee
* Classification
* Severity
* Status
* Alerts associated with the Incident

Microsoft Defender for Endpoint Alerts

* Categories (Malware, Initial Access, Execution, etc.)
* Detection source
* Evidence
* Computer name
* Related user
* Severity
* Status

Categories

Created By

Splunk LLC

Type

addon

Downloads

204,734
