Splunk Enterprise

Office 365 - Cloud Application Security logs ingestion bug

lpino
Path Finder

Hello,

I recently upgraded the "Splunk Add-on for Microsoft Office 365" on my Splunk Heavy Forwarder to version 3.0.0, running on Splunk 8.1.4.
I configured the "Cloud App Security" integration and the input for "Cloud Application Security Alerts".
But, running the inputs, I think that this is bugged: the job is scheduled to download the alerts every 5 minutes. Every time the job runs, it downloads the alerts since the beginning (i. e.  from day 1 that the platform has been set up) and downloads just the first 100 alerts.
Moreover, events are not indexed properly, since the timestamp that is applied is the timestamp at which the job runs, not the timestamp included in the event.

Has everyone else experienced the same issue? Am I doing anything wrong? 

Thanks in advance

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...