How to Configure Splunk to pull Windows Defender ATP alerts

Windows Defender ATP provides SIEM integration, allowing you to pull alerts from the Windows Defender ATP Security Center into Splunk. The SIEM integration uses the Windows Defender ATP Alerts REST API. Since I have an actual customer demand for such an integration, I thought it was about time to get a feel for how this works.

Prerequisites

An active Windows Defender ATP subscription with portal admin access
Windows Defender ATP SIEM integration enabled within the portal
A …