diff --git a/contentctl.yml b/contentctl.yml
index e2eac666e9..a76b77f5d0 100644
--- a/contentctl.yml
+++ b/contentctl.yml
@@ -185,9 +185,9 @@ apps:
 - uid: 6207
   title: Splunk Add-on for Microsoft Security
   appid: Splunk_TA_MS_Security
-  version: 2.5.1
+  version: 2.5.2
   description: description of app
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-security_251.tgz
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-security_252.tgz
 - uid: 2734
   title: URL Toolbox
   appid: URL_TOOLBOX
diff --git a/data_sources/ms365_defender_incident_alerts.yml b/data_sources/ms365_defender_incident_alerts.yml
index 58c9d6c552..4bb1baec94 100644
--- a/data_sources/ms365_defender_incident_alerts.yml
+++ b/data_sources/ms365_defender_incident_alerts.yml
@@ -16,7 +16,7 @@ sourcetype: ms365:defender:incident:alerts
 supported_TA:
 - name: Splunk Add-on for Microsoft Security
   url: https://splunkbase.splunk.com/app/6207
-  version: 2.5.1
+  version: 2.5.2
 fields:
 - actorName
 - alertId
diff --git a/data_sources/ms_defender_atp_alerts.yml b/data_sources/ms_defender_atp_alerts.yml
index 3f6eac12ca..1c184c0a5b 100644
--- a/data_sources/ms_defender_atp_alerts.yml
+++ b/data_sources/ms_defender_atp_alerts.yml
@@ -16,7 +16,7 @@ sourcetype: ms:defender:atp:alerts
 supported_TA:
 - name: Splunk Add-on for Microsoft Security
   url: https://splunkbase.splunk.com/app/6207
-  version: 2.5.1
+  version: 2.5.2
 fields:
 - column
 - accountName