All Apps and Add-ons

Splunk Add-on for Microsoft Office 365: Will not return any DLP events but returns all others. Any ideas?

ChadLangUAB
Path Finder

I've confirmed that, as required, the Splunk API account has the correct Application and Delegated permissions to read the service health, activity data, and DLP policy events. These permissions are selected, saved and then granted within the Office 365 Management Activity API configuration on Azure Active Directory.

Also confirmed that the account has Microsoft Office 365 E3 license applied.

We are really at wit's end and have had a support case open since 7/21.

Hopefully, someone here has some experience with this issue.

esalmon
Explorer

Bumping this up because we have the same issue

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...