Splunk Enterprise Security

Can we use the powershell/ APT for integration of Rights Management Service/ Office 365 (RMS) data to Splunk

MAMAOUI
Explorer

Hi All

I'm looking for informations or methods on integrating RMS (Rights Management service/Office365) into Splunk (Linux).
I'm not sure if we can use the APT (powershell) ....
I checked online - But not able to find any informations.

Thanks

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

I haven't tested this, but this Microsoft articles states that RMS logs are written to blob storage in W3C extended format:
https://docs.microsoft.com/en-us/information-protection/deploy-use/log-analyze-usage#how-to-access-a...

You should be able to use the blob input in the Splunk Add-on for Microsoft Cloud Services to read this data.

View solution in original post

0 Karma

jconger
Splunk Employee
Splunk Employee

I haven't tested this, but this Microsoft articles states that RMS logs are written to blob storage in W3C extended format:
https://docs.microsoft.com/en-us/information-protection/deploy-use/log-analyze-usage#how-to-access-a...

You should be able to use the blob input in the Splunk Add-on for Microsoft Cloud Services to read this data.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...