Microsoft 365 Defender Threat Vulnerability Add-on for Splunk

Vulnerabilities are flaws in a computer system that weakens the overall security of the device or system. And in both small and large organizations it can be quite daunting to keep all devices patched against all vulnerabilities at all times. This is also troublesome for managers, who need to give compliance reports regarding their systems. By utilizing MS Defender Vulnerability framework it is much easier to give a clear answer regarding how well patched your devices are. Import the Defender data to Splunk and give your organization a boost in both threat insights and security analytics. The app comes packaged with one example dashboard to give you an idea of how to use the data. It also CIM normalizes the data into the Vulnerability data model, and holds reports that generates ES ready asset lookups for you. Check out the README for more details.