Office365

Office365 collects and analyzes data from an administrative API hosted within the Office365 environment.

Office365 fetches logs from:

  • Azure Active Directory

  • SharePoint

  • OneDrive

  • Exchange

  • Microsoft Teams

  • Skype For Business

  • Security Compliance Center

Note

Office365 does not fetch Message Tracking (Exchange Online) logs. To fetch these logs, install LogPoint Agent. See the Appendix for how to fetch Message Tracking (Exchange Online) logs.

Office365 consists of the following components:

  1. Fetcher

    • Office365 Fetcher

  2. Compiled Normalizer

    • Office365CompiledNormalizer

  3. Normalization Package

    • LP_O365 Exchange MT

  4. Alert Packages

    • LP_Office365 Multiple Failed Login from Different Host by Single User

    • LP_Office365 Multiple Failed Login from Same Host

    • LP_Office365 Multiple Successful Login From Different Host by Single User

    • LP_Office365 Multiple Successful Login from Different Country by Single User

    • LP_Office365 Security and Compliance Alert related to Access Governance

    • LP_Office365 Security and Compliance Alert related to Data Governance

    • LP_Office365 Security and Compliance Alert related to Data Loss Prevention

    • LP_Office365 Security and Compliance Alert related to Mail Flow

    • LP_Office365 Security and Compliance Alert related to Other Category

    • LP_Office365 Security and Compliance Alert related to Threat Management

    • LP_Office365 User Added to Azure AD

    • LP_Office365 User Added to Azure Group

    • LP_Office365 User Deleted from Azure AD

    • LP_Office365 User License Change

    • LP_Office365 User Added to Multiple Groups

  5. Dashboard Packages

    • LP_Office365 Security and Compliance Alerts

    • LP_Office365 Azure AD Login Activities

    • LP_Office365 Azure AD User Account Management

    • LP_Office365 Exchange Overview

    • LP_Office365 OneDrive Anonymous Link Activities

    • LP_Office365 OneDrive File Activities

    • LP_Office365 OneDrive Folder Activities

    • LP_Office365 OneDrive Overview

    • LP_Office365 Operations by File Category

    • LP_Office365 Overview

    • LP_Office365 SharePoint File Activities

    • LP_Office365 SharePoint Folder Activities

    • LP_Office365 SharePoint Overview

  6. Report Packages

    • LP_Office365 Exchange Overview

    • LP_Office365 Azure AD User Account Management

    • LP_Office365 OneDrive Anonymous Link Activities

    • LP_Office365 OneDrive Overview

    • LP_Office365 SharePoint Folder Activities

    • LP_Office365 OneDrive File Activities

    • LP_Office365 SharePoint File Activities

    • LP_Office365 Azure AD Login Activities

    • LP_Office365 Overview

    • LP_Office365 OneDrive Folder Activities

    • LP_Office365 Operations by File Category

    • LP_Office365 SharePoint Overview

  7. KB List

    • Executables

  8. Search Templates

    • LP_Office365 Azure AD Sign-ins

