Ringing In the New Year With Splunk and Microsoft: Three New Integrations
1. Splunk Add-On For Microsoft Cloud Services
The latest version of this Splunk-built add-on supports Microsoft Azure Event Hubs and includes improved support for the Common Information Model (CIM) Alerts data model through sourcetypes for Azure Security Center Alerts and Azure Security Center Recommendations. The add-on also includes an upgraded Microsoft Azure Python Software Development Kit (SDK). Stay tuned for an upcoming technical post on how to get Azure Event Hub data into Splunk via the add-on.
2. M365 Defender Add-On for Splunk
The newest version of the add-on includes support for M365 Defender Incidents, and can collect the following data: incident, assignee, classification, severity, status, and associated alerts.
3. On-Call App for Microsoft Teams
There’s nothing worse than screen hopping while trying to troubleshoot an incident. The On-Call App for Microsoft Teams allows you to firefight critical incidents from the tool of your choice. Available in the Microsoft Office Store, this application is completely bi-directional allowing you to see the entire payload of your incidents, acknowledge them and resolve them, all from the Teams interface. On-Call maps Microsoft Teams data to ensure accurate reporting and complete information. Check out the handy integration guide.
Looking to relive the magic of .conf20? Couldn’t make it this year and want to catch up? Don’t stress! Recordings from all sessions of .conf20 posted on Splunk.com.
Be sure to check out "Down in the Weeds, Up in the Cloud: Security" for security-specific updates and features of the Splunk & Microsoft 365/Azure landscape as well as new updates around Microsoft Teams, security & compliance, ingestion methods and more.
Related Articles
Data Driven: From Britain to Hungary
Splunking Slack Audit Data
