This add-on uses MS Defender 365 vulnerabilities data and CIM-normalizes it into the Vulnerabilities data model.
It also creates two asset lookup lists, formatted and ready for use in Enterprise Security.
The app also provides an example view of how the data can be presented to a system manager (a less technical role).
The view is included both as a Classic XML view and as a Dashboard Studio view.
Use this as a starting point and tailor it to your own environment and needs.
To further enhance your investigation options, you should also ingest Defender for Endpoint events. We recommend using this add-on: