Splunk Add-on for Microsoft Office 365-data - data...

rayar · ‎08-24-2020

hi
we have Splunk Add-on for Microsoft Office 365 running on heavy forwarder
what is the best way to do data validation ?
how we can see the API calls for below inputs

[splunk@ilissplfwd06 local]$ cat inputs.conf
[splunk_ta_o365_management_activity://AuditAD]
content_type = Audit.AzureActiveDirectory
index = o365_management_activity
interval = 300
tenant_name = o365
number_of_threads = 8
sourcetype = o365:management:activity
start_by_shell = false
disabled = 0

[splunk_ta_o365_management_activity://AuditSharePoint]
content_type = Audit.SharePoint
index = o365_management_activity
interval = 300
tenant_name = o365
number_of_threads = 8
sourcetype = o365:management:activity

[splunk_ta_o365_management_activity://AuditGeneral]
content_type = Audit.General
index = o365_management_activity
interval = 300
tenant_name = o365
number_of_threads = 8
sourcetype = o365:management:activity

[splunk_ta_o365_management_activity://AuditExchange]
content_type = Audit.Exchange
index = o365_management_activity
interval = 300
tenant_name = o365
number_of_threads = 8
sourcetype = o365:management:activity

[splunk_ta_o365_service_status://ServiceStatus]
content_type = CurrentStatus
index = o365
interval = 300
tenant_name = o365

[splunk_ta_o365_service_message://ServiceMessage]
index = o365
interval = 300
tenant_name = o365

[splunk_ta_o365_management_activity://DLPAll]
content_type = DLP.All
index = o365_management_activity
interval = 300
tenant_name = o365
number_of_threads = 8
[splunk@ilissplfwd06 local]$

Splunk Add-on for Microsoft Office 365-data - data validation

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?