Office365

Office365 fetches and analyzes logs from Office 365 Management APIs.

You can configure Office365 from Log Sources or Devices. We recommend configuring it from Log Sources, as it provides a centralized user interface for all the configurations.

It fetches logs from:

  • Azure Active Directory

  • SharePoint

  • OneDrive

  • Exchange

  • Microsoft Teams

  • Skype For Business

  • Security Compliance Center

Note

Office365 does not fetch Message Tracking (Exchange Online) logs. See Fetching Message Tracking to learn how to fetch them.

Office365 Components

Office365 consists of multiple components: a Fetcher for log retrieval, a CompiledNormalizer for log normalization, Alert packages for incident generation, Dashboard packages for visualization, Report packages for report generation, a Search template for storing search queries, and a KB List for storing a Static List.

  1. Fetcher

    • Office365 Fetcher

  2. Compiled Normalizer

    • Office365CompiledNormalizer

  3. Normalization Package

    • LP_O365 Exchange MT

  4. Alert Packages

    • LP_Office365 Security and Compliance Alert related to Access Governance

    • LP_Office365 Security and Compliance Alert related to Data Governance

    • LP_Office365 Security and Compliance Alert related to Data Loss Prevention

    • LP_Office365 Security and Compliance Alert related to Mail Flow

    • LP_Office365 Security and Compliance Alert related to Other Category

    • LP_Office365 Security and Compliance Alert related to Threat Management

    • LP_Office365 User Added to Azure Group

  5. Dashboard Packages

    • LP_Office365 Security and Compliance Alerts

    • LP_Office365 Azure AD Login Activities

    • LP_Office365 Azure AD User Account Management

    • LP_Office365 Exchange Overview

    • LP_Office365 OneDrive Anonymous Link Activities

    • LP_Office365 OneDrive File Activities

    • LP_Office365 OneDrive Folder Activities

    • LP_Office365 OneDrive Overview

    • LP_Office365 Operations by File Category

    • LP_Office365 Overview

    • LP_Office365 SharePoint File Activities

    • LP_Office365 SharePoint Folder Activities

    • LP_Office365 SharePoint Overview

  6. Report Packages

    • LP_Office365 Exchange Overview

    • LP_Office365 Azure AD User Account Management

    • LP_Office365 OneDrive Anonymous Link Activities

    • LP_Office365 OneDrive Overview

    • LP_Office365 SharePoint Folder Activities

    • LP_Office365 OneDrive File Activities

    • LP_Office365 SharePoint File Activities

    • LP_Office365 Azure AD Login Activities

    • LP_Office365 Overview

    • LP_Office365 OneDrive Folder Activities

    • LP_Office365 Operations by File Category

    • LP_Office365 SharePoint Overview

  7. KB List

    • Executables

  8. Search Template

    • LP_Office365

