deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

add splunk cloud

Browse Source
This commit is contained in:
Joey Caparas 2020-05-19 12:23:40 -07:00
parent 50ac6adaec
commit 329668cd48
2 changed files with 4 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
windows/security/threat-protection/microsoft-defender-atp/configure-splunk-cloud.md
View File

@ -1,36 +0,0 @@
---
title: Configure Splunk Cloud to pull Microsoft Defender ATP detections
description: Configure Splunk Cloud to receive and pull detections from Microsoft Defender Security Center.
keywords: configure cloud splunk, security information and events management tools, splunk
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Configure Splunk Cloud to pull Microsoft Defender ATP detections
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink)
Follow the instructions provided in [Splunk Cloud](https://splunkbase.splunk.com/app/4959/).
## Related topics
- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

6
windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
View File

@ -54,8 +54,10 @@ You'll need to configure Splunk so that it can pull Microsoft Defender ATP detec
3. Select **Windows Defender ATP alerts** under **Local inputs**. 3. Select **Windows Defender ATP alerts** under **Local inputs**.
NOTE: >[!NOTE]
This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/). > - This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/).
> - For Splunk Cloud, use [Microsoft Defender ATP Add-on for Splunk](https://splunkbase.splunk.com/app/4959/).
4. Click **New**. 4. Click **New**.