SmartConnector for Microsoft Office 365 Management Activity

The Microsoft Office 365 Management Activity guide can be found here

Labels:

SmartConnector
Comment List
Anonymous
  • Hi All,

    While it is true that the agent has received some updates during these last months, we can still see lots of relevant security events not covered; in fact, only the following ones are supported:

    1 ExchangeAdmin
    2 ExchangeItem
    3 ExchangeItemGroup
    4 SharePoint
    6 SharePointFileOperation
    8 AzureActiveDirectory
    9 AzureActiveDirectoryAccountLogon
    11 ComplianceDLPSharePoint
    13 ComplianceDLPExchange
    14 SharePointSharingOperation
    33 ComplianceDLPSharePointClassification
    55 SharePointContentTypeOperation
    56 SharePointFieldOperation

    This is just a subset of the events produced.

    Actually, as a security solution, they should focus on all the relevant ones for security monitoring. At first glance, I still miss many other events; to highlight:

    24 Discovery
    28 ThreatIntelligence
    41 ThreatIntelligenceUrl
    47 ThreatIntelligenceAtpContent

    Is it too difficult to support them? I'm not asking for all of them, just the ones needed to ensure proper security monitoring, nor the types "seen in the wild/nor documented".

    Best regards,

    Karl.
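Added example, not part of the original comment and not the connector's own code: a small check that measures how many audit records in a Management Activity API content blob fall outside the record types listed above as supported. It assumes each record is a JSON object with the `RecordType` and `Operation` fields of the Office 365 audit schema; the sample records are constructed, and record type 15 is included only to show a type the comment does not mention.

```python
import json
from collections import Counter

# Record types the comment lists as supported by the connector.
SUPPORTED = {
    1: "ExchangeAdmin", 2: "ExchangeItem", 3: "ExchangeItemGroup",
    4: "SharePoint", 6: "SharePointFileOperation", 8: "AzureActiveDirectory",
    9: "AzureActiveDirectoryAccountLogon", 11: "ComplianceDLPSharePoint",
    13: "ComplianceDLPExchange", 14: "SharePointSharingOperation",
    33: "ComplianceDLPSharePointClassification",
    55: "SharePointContentTypeOperation", 56: "SharePointFieldOperation",
}
# Record types the comment names as missing.
NAMED_MISSING = {24: "Discovery", 28: "ThreatIntelligence",
                 41: "ThreatIntelligenceUrl", 47: "ThreatIntelligenceAtpContent"}

# Constructed sample records (not real tenant data), shaped like the JSON
# array returned for one content blob.
SAMPLE_BLOB = json.dumps([
    {"Id": "a1", "RecordType": 1, "Operation": "Set-Mailbox"},
    {"Id": "a2", "RecordType": 8, "Operation": "Add member to role."},
    {"Id": "a3", "RecordType": 28, "Operation": "TIMailData"},
    {"Id": "a4", "RecordType": 28, "Operation": "TIMailData"},
    {"Id": "a5", "RecordType": 41, "Operation": "TIUrlClickData"},
    {"Id": "a6", "RecordType": 15, "Operation": "UserLoggedIn"},
    {"Id": "a7", "Operation": "Unknown"},  # malformed: no RecordType
])

def coverage_report(blob_text):
    """Split records into covered types, uncovered types and malformed ones."""
    covered, gaps, invalid = Counter(), {}, 0
    for rec in json.loads(blob_text):
        rt = rec.get("RecordType") if isinstance(rec, dict) else None
        if not isinstance(rt, int) or isinstance(rt, bool):
            invalid += 1  # cannot be classified, report separately
            continue
        if rt in SUPPORTED:
            covered[SUPPORTED[rt]] += 1
            continue
        name = NAMED_MISSING.get(rt, "not named in the comment")
        gap = gaps.setdefault(rt, {"name": name, "count": 0, "operations": set()})
        gap["count"] += 1
        gap["operations"].add(rec.get("Operation", "?"))
    missed = sum(g["count"] for g in gaps.values())
    total = sum(covered.values()) + missed
    return {"covered": covered, "gaps": gaps, "invalid": invalid,
            "gap_ratio": missed / total if total else 0.0}

if __name__ == "__main__":
    print(coverage_report(SAMPLE_BLOB))
```

Run against blobs pulled from your own tenant, the `gaps` entries show which record types and operations would need a separate collection path.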
