MS Defender Advanced Hunting app icon

MS Defender Advanced Hunting

This add-on enables Microsoft Defender Advanced Hunting (KQL) queries directly from Splunk search commands.

Built by
splunk product badge
Latest Version 0.2.5
May 6, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.2, 10.0, 9.4, 9.3
Rating

5

(5)

Log in to rate this app
Support
MS Defender Advanced Hunting support icon
Developer Supported addon
Ranking

#24

in Investigative
This add-on enables Advanced Hunting queries (KQL) against Microsoft Defender APIs directly from Splunk search commands. Microsoft provides three APIs for Advanced Hunting: - Microsoft Defender for Endpoint - Microsoft Defender XDR - Microsoft Graph REST API This add-on automatically detects which API endpoint your credentials are authorized to access. If credentials for multiple APIs are available, **Microsoft Defender for Endpoint** is prioritized. - [Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide)

Categories

Security, Fraud & Compliance, Investigative

Created By

Masaki Yoshikawa

Source Code

splunk-ta-ms-advanced-hunting(Opens new window)

Type

addon

Downloads

1,815

Licensing

Apache License Version 2.0(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing