Office 365 Security & Compliance Logs into Splunk

anandhalagarasa · ‎08-26-2019

Hi Team,

We have a requirement to ingest Office 365 Security & Compliance data into Splunk Cloud. So kindly let us know do we have any Add-on or app to ingest those logs into Splunk Cloud.

If yes, then kindly provide the app or add-on information so that we will configure the same into Splunk Cloud.

And also if you have any document for it then kindly share it.

woodcock · ‎10-08-2019

This will help a bunch:
http://bit.ly/Splunk_Azure_Permissions

burakcinar · ‎08-28-2019

Hi ,
did you try this add-on Microsoft Graph Security API ? it has nice features for ingest all security alerts.

link;
https://splunkbase.splunk.com/app/4564/

anandhalagarasa · ‎08-26-2019

Can anyone help on my query.

lmethwani_splun · ‎08-28-2019

MS Office 365 is configured via Azure portal right?

lmethwani_splun · ‎08-28-2019

You can configure the app and add-on

App https://splunkbase.splunk.com/app/3786/
Add on to pull the logs via Microsoft management APIs: https://splunkbase.splunk.com/app/4055/

Please make sure to install the required apps/TAs mentioned in Details section.
Ref Doc for configuring the add-on: https://docs.splunk.com/Documentation/AddOns/released/MSO365/ConfigureappinAzureAD

Office 365 Security & Compliance Logs into Splunk

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform