Hi All
I'm looking for informations or methods on integrating RMS (Rights Management service/Office365) into Splunk (Linux). I'm not sure if we can use the APT (powershell) .... I checked online - But not able to find any informations.
Thanks
I haven't tested this, but this Microsoft articles states that RMS logs are written to blob storage in W3C extended format: https://docs.microsoft.com/en-us/information-protection/deploy-use/log-analyze-usage#how-to-access-a...
You should be able to use the blob input in the Splunk Add-on for Microsoft Cloud Services to read this data.
View solution in original post
