Office365 collects and analyzes data from an administrative API hosted within the Office365 environment.
It fetches logs from:
Azure Active Directory
SharePoint
OneDrive
Exchange
Microsoft Teams
Skype For Business
Security Compliance Center
Note
Office365 does not fetch Message Tracking (Exchange Online) logs. Go to the Appendix for information on how to fetch them.
Office365 Components
Fetcher
Office365 Fetcher
Compiled Normalizer
Office365CompiledNormalizer
Normalization Package
LP_O365 Exchange MT
Alert Packages
LP_Office365 Security and Compliance Alert related to Access Governance
LP_Office365 Security and Compliance Alert related to Data Governance
LP_Office365 Security and Compliance Alert related to Data Loss Prevention
LP_Office365 Security and Compliance Alert related to Mail Flow
LP_Office365 Security and Compliance Alert related to Other Category
LP_Office365 Security and Compliance Alert related to Threat Management
LP_Office365 User Added to Azure Group
Dashboard Packages
LP_Office365 Security and Compliance Alerts
LP_Office365 Azure AD Login Activities
LP_Office365 Azure AD User Account Management
LP_Office365 Exchange Overview
LP_Office365 OneDrive Anonymous Link Activities
LP_Office365 OneDrive File Activities
LP_Office365 OneDrive Folder Activities
LP_Office365 OneDrive Overview
LP_Office365 Operations by File Category
LP_Office365 Overview
LP_Office365 SharePoint File Activities
LP_Office365 SharePoint Folder Activities
LP_Office365 SharePoint Overview
Report Packages
LP_Office365 Exchange Overview
LP_Office365 Azure AD User Account Management
LP_Office365 OneDrive Anonymous Link Activities
LP_Office365 OneDrive Overview
LP_Office365 SharePoint Folder Activities
LP_Office365 OneDrive File Activities
LP_Office365 SharePoint File Activities
LP_Office365 Azure AD Login Activities
LP_Office365 Overview
LP_Office365 OneDrive Folder Activities
LP_Office365 Operations by File Category
LP_Office365 SharePoint Overview
KB List
Executables
Search Template
LP_Office365