MDI logs are generated on the security.microsoft.com portal and are not present locally on the servers where the Splunk forwarders and MDI sensor are installed. There is a possibility with Sentinel [https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration] but we want to do this to Splunk. We might not be able to install anything on the portal. Do we have a set of documentation available as to how to send the MDI logs from the security.microsoft.com portal to Splunk?