Figuring out the best add-on(s) to ingest security data related to O365/Azure is an exercise in insanity...

Can we get some clarification and/or consolidation for this since all 5 of these add-ons are developed by Splunk or Microsoft?

Microsoft Graph Security API Add-On for Splunk: https://splunkbase.splunk.com/app/4564

• https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#aler...
• Alerts from the following providers are available:
  • Azure Active Directory Identity Protection
  • Microsoft 365
    • Default
    • Cloud App Security
    • Custom Alert
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity 
  • Microsoft Sentinel (formerly Azure Sentinel)

Splunk Add-on for Microsoft Security: https://splunkbase.splunk.com/app/6207

• Microsoft 365 Defender incidents and alerts OR Microsoft Defender for Endpoint alerts.
  

Splunk Add-on for Microsoft Office 365: https://splunkbase.splunk.com/app/4055

• All service policies, alerts and entities visible through the Microsoft cloud application security portal.
• All audit events and reports visible through the Microsoft Graph API endpoints. This includes all log events and reports visible through the Microsoft Graph API.

Splunk Add-on for Microsoft Cloud Services: https://splunkbase.splunk.com/app/3110

• mscs:azure:security:alert

Splunk Add on for Microsoft Azure: https://splunkbase.splunk.com/app/3757

• Azure Security Center Alerts & Tasks

EDIT: There's also the Microsoft Defender Advanced Hunting Add-on for Splunk (https://splunkbase.splunk.com/app/5518) but the Splunk Add-on for Microsoft Security also seems to cover Advanced Hunting: https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Releasenotes#New_features