Releasing the TA for Microsoft Windows Defender for Splunk


Splunkbase now hosts my first public investment in the Splunk environment: the TA for Microsoft Windows Defender. This TA allows easy integration of your Microsoft Windows Defender-protected environment into common Splunk tooling. Included in this is Malware Common Information Model (CIM) mappings. These can be used to get more insight to malware events, Windows Defender signature updates, and scan behavior. It also allows you to use the Splunk Enterprise Security malware investigation workflow with Microsoft Windows Defender.

The TA is licensed as Apache 2.0. Issue tracking and pull requests can be found on its GitHub repository.