I want to integrate M365 into a Linux-based Splunk instance.
- Could somebody assist me with the architecture's operation?
- How is the API call handled?
- What kind of network data can be seen (specific user accessing M365)?
- Is it possible to keep an eye on the user's activities and the network (such as port details of various services offered by M365)?
I want to understand how Splunk works. It would be great if someone could help me. Thank you.
Regards,
Ash