Add a URL reference that will open the o365 secuirty compliance alert in the o365's portal

Idea ID 2799565

Add a URL reference that will open the o365 secuirty compliance alert in the o365's portal

0 Votes

First great work on including the Office ATP events in the office 365 7.15 connector I was almost done with my flex connector when that was release on 4/30.  One thing enhancement we implemented (see map file below) was we crafted a URL that will will allow the analyst to pivot out of arc sight directly to the Office365 Security Compliance Alert in Microsoft's GUI as there are sub screens of information reflected in these tickets that the security compliance alerts aren't capturing fully.  The map file below is a possible solution.  The url takes the analysts directly to the alert in microsoft's gui preventing them from having to hunt for the correct ticket when they cut/paste it.   Please note  the other value in the map file correct the incorrect parsing for security compliance alerts.  SD02696513 was submitted to support to confirm and correct that issue.

MAP FILE:

event.deviceEventCategory,set.event.deviceProduct,set.expr(fileId).event.requestUrl
SecurityComplianceAlerts,Security Compliance Alerts,"__concatenate(""https://protection.office.com/viewalerts?id="",__split(fileId,"" "",""2""))"

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.