Splunk Enterprise Security

Can we use the powershell/ APT for integration of Rights Management Service/ Office 365 (RMS) data to Splunk

MAMAOUI
Explorer

Hi All

I'm looking for informations or methods on integrating RMS (Rights Management service/Office365) into Splunk (Linux).
I'm not sure if we can use the APT (powershell) ....
I checked online - But not able to find any informations.

Thanks

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

I haven't tested this, but this Microsoft articles states that RMS logs are written to blob storage in W3C extended format:
https://docs.microsoft.com/en-us/information-protection/deploy-use/log-analyze-usage#how-to-access-a...

You should be able to use the blob input in the Splunk Add-on for Microsoft Cloud Services to read this data.

View solution in original post

0 Karma

jconger
Splunk Employee
Splunk Employee

I haven't tested this, but this Microsoft articles states that RMS logs are written to blob storage in W3C extended format:
https://docs.microsoft.com/en-us/information-protection/deploy-use/log-analyze-usage#how-to-access-a...

You should be able to use the blob input in the Splunk Add-on for Microsoft Cloud Services to read this data.

0 Karma
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...