Splunking emails from a particular Microsoft Office 365 email address

koshyk
Super Champion

Hi,
Has anyone splunked data from a particular email address of "Microsoft Office 365"?
I've tested the IMAP Splunkbase app on a Gmail address and it works perfectly, but NOT on a Microsoft Office 365 address in my company.
Any step-by-step process on how to do it would be helpful (i.e. create a dummy email ID in the company with a specific userid/password?)

Also, is it better to use IMAP or the Office 365 APIs?
https://msdn.microsoft.com/en-us/office/office365/api/mail-rest-operations

Thanks in advance

cpetterborg
SplunkTrust

I have written a program in PHP (because it has a nice set of functions for getting at emails through IMAP). I run that script on a computer and send that output into Splunk. It can get the entire email even if it is MIME encoded with HTML, etc. The IMAP app isn't very good at it, and can only be used for one Inbox for one user. I tried to get it to install more than once, and get that data into Splunk, but it isn't designed to be able to do that.

I can supply you with that PHP program if you like. It can access the Inbox of the user from Office 365 as long as you have the password. The script uses the password in clear text, so it isn't exactly secure if the server it runs on isn't secure.
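
The approach described in the post above (pull mail over IMAP, decode the MIME structure, hand the result to Splunk), as an added Python example that is not the PHP program from the thread or its repository. The function names, the `MAIL_PASSWORD` environment variable and the sample message are assumptions constructed for illustration, and `fetch_unseen` assumes the mailbox accepts IMAP password logins as the post describes.

```python
import email, imaplib, json, os, re
from email import policy

# Constructed sample: HTML-only message with an RFC 2047 encoded subject.
SAMPLE = (b"From: Alerts <alerts@example.com>\r\n"
          b"To: splunk-ingest@example.com\r\n"
          b"Subject: =?utf-8?Q?Backup_failed?=\r\n"
          b"Message-ID: <constructed-1@example.com>\r\n"
          b"MIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n\r\n"
          b"<html><body><p>Job <b>nightly</b> failed</p></body></html>\r\n")

def email_to_event(raw: bytes) -> dict:
    """Flatten one MIME message into a JSON-ready event for Splunk."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # policy.default decodes encoded headers such as the subject above.
    event = {h.lower(): str(msg.get(h, ""))
             for h in ("Date", "From", "To", "Subject", "Message-ID")}
    # Prefer the text/plain body; fall back to text/html with tags stripped.
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if part is not None and part.get_content_subtype() == "html":
        body = re.sub(r"<[^>]+>", " ", body)
    event["body"] = " ".join(body.split())
    # Index attachment names only, not their content.
    event["attachments"] = [a.get_filename() for a in msg.iter_attachments()]
    return event

def fetch_unseen(host: str, user: str, mailbox: str = "INBOX"):
    """Yield one event per unseen message in the mailbox."""
    # MAIL_PASSWORD is a hypothetical variable name: the secret comes from
    # the process environment instead of sitting in the script in clear text.
    password = os.environ["MAIL_PASSWORD"]
    with imaplib.IMAP4_SSL(host) as conn:      # IMAP over TLS, port 993
        conn.login(user, password)
        conn.select(mailbox)
        _, data = conn.search(None, "UNSEEN")
        for num in data[0].split():
            # Fetching RFC822 sets \Seen, so the next run skips this message.
            _, parts = conn.fetch(num, "(RFC822)")
            yield email_to_event(parts[0][1])

if __name__ == "__main__":
    # One JSON object per line, ready for a scripted or file input.
    print(json.dumps(email_to_event(SAMPLE)))
```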

koshyk
Super Champion

It would be very helpful if you can pass the code. If you have it on GitHub, that would be great.
Thanks in advance

0 Karma

cpetterborg
SplunkTrust

No guarantees - use at your own risk!!

https://github.com/cpetterborg/email-by-php-for-splunk

koshyk
Super Champion

Thank you. I've upvoted for the effort.

0 Karma