https://www.verboon.info/tags/splunk/Recent content in Splunk on Anything About ITHugoen-usThu, 28 Mar 2019 15:17:22 +0000https://www.verboon.info/2019/03/how-configure-splunk-to-pull-windows-defender-atp-alerts/Thu, 28 Mar 2019 15:17:22 +0000https://www.verboon.info/2019/03/how-configure-splunk-to-pull-windows-defender-atp-alerts/<p>Windows Defender ATP provides SIEM integration, allowing you to pull alerts from Windows Defender ATP Security Center into Splunk. The SIEM integration uses the Windows Defender ATP Alerts Rest API. Since I have an actual customer demand for such an integration, I thought it&rsquo;s about time to get a feel for how this works.</p> <h1 id="prerequisites">Prerequisites</h1> <ul> <li> <p>An active Windows Defender ATP subscription with portal admin access</p> </li> <li> <p>Windows Defender ATP SIEM integration enabled within the portal.</p>