
Office 365 Administrator Audit Logs - How can I index them via script?

cmaier
Explorer

Just curious if anyone out there has had any experience getting their Office 365 Administrator Audit Logs into Splunk. They are easily downloadable via the ECP, but I'm looking to script something through PowerShell and have it grab the logs automagically.


janetlavell
Engager

Hi,

We have just built a tool to do that and then some more...
SkyFormation Extend (c) for Splunk extracts security events from multiple business cloud applications (e.g. Salesforce, Google App, ServiceNow, Office 365, AWS, ...) and transforms them into a unified and actionable stream of events sent to your Splunk or other SIEM solution of your choice.

No more cloud applications integration or classification worries, and all in unified form for easiest correlations and investigation across cloud apps.

SkyFormation is a Java app you can install on-premise on any machine you want, and it will take you 5 minutes to set it up.

Please have a look at:
https://splunkbase.splunk.com/app/2932/

Feel more than welcome to ask me any question at support@skyformation.com

Best
Janet
www.skyformation.com

wbfoxii
Communicator

I'll be watching this very closely. I'm in the same state.
