×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
kconway35
New Member
Member since: ‎01-28-2019
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-28-2019
View All

Re: Splunk Add On for Office 365 Requirement for A...

by in All Apps and Add-ons
‎03-29-2019 11:11 AM
‎03-29-2019 11:11 AM
Hi Jconger, I am working with one of our security administrators to capture O365 Audit Data using the Splunk Add On for O365. I created a Azure Application in our cloud tenant and provided it the Office 365 Graph API Permissions Read Activity data for your organization Read Service Health for your organization Read Activity Reports The application authenticates but does not get all data that I can see in the Audit Search Log which is found in the O365 Security and Compliance portion of the Portal. Is there something missing on the Azure Permission Side? I would have thought this would provide logging for activity related to Adding and removing licences Blocking user sign in creating/deleting a user in the cloud adding roles/groups to users etc. kevin C. ... View more

Splunk Add On for Office 365 Requirement for Azure

by in All Apps and Add-ons
‎03-29-2019 08:20 AM
‎03-29-2019 08:20 AM
Is there a Azure Subscription type that is required for the Splunk Add On for Office 365 to generate the proper Audit Logs? Our Security Admin is only seeing System Wide Messages but not any individual authentications or other messages. Could this be a limitation on the Azure Tenant Side or something misconfigured on the Splunk Side? Thanks, Kevin ... View more

Re: 404 Client Error with Microsoft Office 365 Rep...

by in Getting Data In
‎01-28-2019 08:19 AM
‎01-28-2019 08:19 AM
Is the role group creation for the group mentioned on the Splunk side or the Azure Application Side? I only support the Azure Application Side. I don't have insight on how the Splunk Side was configured. Are the Role Groups mentioned: "ViewOnlyAuditLogs" "ViewOnlyConfiguration" "ViewOnlyRecipients" Set up in the the Azure Tenant Somewhere? Thanks, Kevin C. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM