Office 365 audit

10/31/2023

Special thanks to "Clive Watson" and "Ofer Shezaf" for collaborating with me on this blog post.

Due to the COVID-19 crisis, the usage of Office 365 has increased, which introduces new security monitoring challenges for SOC teams. Increased usage means that the service should be a stronger focus for defenders.

Over the past few months I have been working with my customers on approaches to onboard Office 365 and related services into Azure Sentinel, and on the benefit of the built-in solutions that a cloud-based Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platform brings, such as these use cases.

This blog post is built as a checklist and covers the following topics:

- Required data sources for Office 365 and related workloads.
- Using the out-of-the-box Analytics Rules templates.
- Integration of 3rd party Threat Intelligence (TI).

Required data sources for Office 365 and related workloads

Choosing the right telemetry for Office 365 and related workloads depends on the enterprise's security model. For instance, an enterprise that follows Microsoft's Zero Trust approach would focus on different telemetry than an enterprise with a classical security approach. The following data sources should be the minimum onboarded to monitor Office 365:

- Audit and Sign-In Logs from Azure Active Directory.
- Activity Logs from Office 365 workloads.
- Alerts generated in the Office 365 Security and Compliance Center.
- Message Trace logs available for Exchange Online.

In addition, the sources below are optional as they depend on additional licenses. Azure Sentinel can benefit from these expert systems, and it is recommended to onboard them if licensed, or to consider adding them to aid with detection and use cases.

- Azure Active Directory Identity Protection alerts.
- Office 365 Advanced Threat Protection and Threat Investigation and Response alerts.

Lastly, the following data sources are optional and would unlock more value by correlating different data sources using SIEM and SOAR capabilities:

- Logs from Domain Controllers and Azure Advanced Threat Protection alerts.
- Logs and alerts from proxies and firewalls.

Azure Sentinel comes with several built-in and custom connectors to onboard Office 365 and related workloads. Sources covered by these connectors include:

- Azure Active Directory Sign-In and Audit Logs.
- Office 365 activity, via the Office 365 data connector.
- Office 365 Security and Compliance Alerts.
- Logs and alerts from proxies and firewalls.

Azure Sentinel has many built-in workbooks that provide extensive reporting capabilities analyzing your connected data sources, to let you quickly and easily deep dive into the data generated by those services. For a full list, please see the Azure Sentinel Grand List.

GIF demonstration – Enable the Office 365 data connector:
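The value of onboarding both Azure Active Directory sign-in logs and Office 365 activity logs comes from correlating them. As an added example (not code from the original post and not Azure Sentinel's own rule logic), the Python below joins the two: a sensitive Exchange Online operation is flagged when the same user had a risky sign-in shortly before it, or when no successful sign-in from the operation's client IP exists at all. The rows are constructed samples shaped after a few columns of the Sentinel tables SigninLogs and OfficeActivity; the list of sensitive operations, the one-hour lookback and the risk levels are assumptions. In Sentinel the same logic would be written as a KQL analytics rule joining those two tables.

```python
"""Correlate Azure AD sign-ins with Office 365 mailbox changes.

Added example, not code from the original post or from Azure Sentinel.
The rows below are constructed and mimic a few columns of the Sentinel
tables SigninLogs and OfficeActivity.
"""
from datetime import datetime, timedelta, timezone

# Assumed list of Exchange Online operations worth a second look (inbox
# forwarding rules and mailbox permission changes are classic BEC moves).
SENSITIVE_EXCHANGE_OPS = {"New-InboxRule", "Set-InboxRule",
                          "Set-Mailbox", "Add-MailboxPermission"}
RISKY_LEVELS = {"medium", "high"}   # values of SigninLogs.RiskLevelDuringSignIn
LOOKBACK = timedelta(hours=1)       # assumed window before the operation

# Constructed sample rows (SigninLogs shape). ResultType "0" is success,
# "50126" is an invalid username/password.
SIGNIN_LOGS = [
    {"TimeGenerated": "2020-05-04T08:01:00Z", "UserPrincipalName": "alice@contoso.com",
     "IPAddress": "203.0.113.10", "ResultType": "0", "RiskLevelDuringSignIn": "none"},
    {"TimeGenerated": "2020-05-04T08:30:00Z", "UserPrincipalName": "bob@contoso.com",
     "IPAddress": "198.51.100.7", "ResultType": "0", "RiskLevelDuringSignIn": "high"},
    {"TimeGenerated": "2020-05-04T08:50:00Z", "UserPrincipalName": "carol@contoso.com",
     "IPAddress": "192.0.2.55", "ResultType": "50126", "RiskLevelDuringSignIn": "none"},
    {"TimeGenerated": "2020-05-04T09:00:00Z", "UserPrincipalName": "dave@contoso.com",
     "IPAddress": "203.0.113.44", "ResultType": "0", "RiskLevelDuringSignIn": "none"},
]

# Constructed sample rows (OfficeActivity shape).
OFFICE_ACTIVITY = [
    {"TimeGenerated": "2020-05-04T08:05:00Z", "UserId": "alice@contoso.com",
     "OfficeWorkload": "SharePoint", "Operation": "FileDownloaded", "ClientIP": "203.0.113.10"},
    {"TimeGenerated": "2020-05-04T08:15:00Z", "UserId": "alice@contoso.com",
     "OfficeWorkload": "Exchange", "Operation": "New-InboxRule", "ClientIP": "203.0.113.10:443"},
    {"TimeGenerated": "2020-05-04T08:42:00Z", "UserId": "bob@contoso.com",
     "OfficeWorkload": "Exchange", "Operation": "New-InboxRule", "ClientIP": "198.51.100.7"},
    {"TimeGenerated": "2020-05-04T09:05:00Z", "UserId": "carol@contoso.com",
     "OfficeWorkload": "Exchange", "Operation": "Add-MailboxPermission", "ClientIP": "192.0.2.55"},
    {"TimeGenerated": "2020-05-04T09:20:00Z", "UserId": "dave@contoso.com",
     "OfficeWorkload": "Exchange", "Operation": "Set-Mailbox", "ClientIP": "203.0.113.99"},
]


def parse_ts(value):
    """Parse the ISO-8601 'Z' timestamps used in the sample rows."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_ip(ip):
    """OfficeActivity.ClientIP can carry a port ('203.0.113.10:443' or
    '[2001:db8::1]:443'); strip it so it compares with SigninLogs.IPAddress."""
    if ip.startswith("["):
        return ip[1:ip.index("]")]
    if ip.count(":") == 1:
        return ip.split(":", 1)[0]
    return ip


def correlate(signins, activity, lookback=LOOKBACK):
    """Return findings for sensitive Exchange operations that are not backed
    by a clean, successful sign-in of the same user from the same IP."""
    findings = []
    for ev in activity:
        if ev["OfficeWorkload"] != "Exchange" or ev["Operation"] not in SENSITIVE_EXCHANGE_OPS:
            continue
        op_time = parse_ts(ev["TimeGenerated"])
        client_ip = normalize_ip(ev["ClientIP"])
        # Successful sign-ins of this user inside the lookback window.
        window = [
            s for s in signins
            if s["UserPrincipalName"].lower() == ev["UserId"].lower()
            and s["ResultType"] == "0"
            and op_time - lookback <= parse_ts(s["TimeGenerated"]) <= op_time
        ]
        if any(s["RiskLevelDuringSignIn"] in RISKY_LEVELS for s in window):
            reason = "risky sign-in"
        elif not any(s["IPAddress"] == client_ip for s in window):
            # Either no successful sign-in at all, or the operation came from
            # an IP that never authenticated: a replayed token, legacy auth
            # or a telemetry gap, all worth an analyst's look.
            reason = "no matching sign-in"
        else:
            continue  # clean sign-in from the same IP: benign by this rule
        findings.append({"UserId": ev["UserId"], "Operation": ev["Operation"],
                         "ClientIP": client_ip, "Reason": reason})
    return findings


if __name__ == "__main__":
    for finding in correlate(SIGNIN_LOGS, OFFICE_ACTIVITY):
        print(finding)
```

On the constructed rows this yields three findings: bob's inbox rule after a high-risk sign-in, carol's permission change with only a failed sign-in on record, and dave's mailbox change from an IP that differs from his sign-in. Alice's rule creation is accepted because a clean sign-in from the same address precedes it, which is exactly the distinction that neither table can make on its own.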