Figuring out the best add-on(s) to ingest security data related to O365/Azure is an exercise in insanity...
Can we get some clarification and/or consolidation for this since all 5 of these add-ons are developed by Splunk or Microsoft?
Microsoft Graph Security API Add-On for Splunk: https://splunkbase.splunk.com/app/4564
Splunk Add-on for Microsoft Security: https://splunkbase.splunk.com/app/6207
Splunk Add-on for Microsoft Office 365: https://splunkbase.splunk.com/app/4055
Splunk Add-on for Microsoft Cloud Services: https://splunkbase.splunk.com/app/3110
Splunk Add on for Microsoft Azure: https://splunkbase.splunk.com/app/3757
EDIT: There's also the Microsoft Defender Advanced Hunting Add-on for Splunk (https://splunkbase.splunk.com/app/5518), but the Splunk Add-on for Microsoft Security also seems to cover Advanced Hunting: https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Releasenotes#New_features