Office365
The Office365 integration fetches and analyzes logs from Microsoft 365 Management APIs and normalizes them for search, dashboards, alerts, and reporting in Logpoint.
Package Details
Office365 components:
- Fetcher
  - Office365Fetcher
- Compiled Normalizer
  - Office365CompiledNormalizer
- Normalization package
  - LP_O365 Exchange MT
- Log Source Template
  - Microsoft365
- Search template
  - LP_Office365
- KB list
  - Executables
- Reports
  - LP_Office365 OneDrive Overview
  - LP_Office365 SharePoint Overview
  - LP_Office365 Exchange Overview
  - LP_Office365 Overview
  - LP_Office365 OneDrive Anonymous Link Activities
  - LP_Office365 Azure AD Login Activities
  - LP_Office365 Azure AD User Account Management
  - LP_Office365 OneDrive File Activities
  - LP_Office365 OneDrive Folder Activities
  - LP_Office365 Operations by File Category
  - LP_Office365 SharePoint File Activities
  - LP_Office365 SharePoint Folder Activities
- Dashboards
  - LP_Office365 Security and Compliance Alerts
  - LP_Office365 Azure AD Login Activities
  - LP_Office365 Azure AD User Account Management
  - LP_Office365 Exchange Overview
  - LP_Office365 OneDrive Anonymous Link Activities
  - LP_Office365 OneDrive File Activities
  - LP_Office365 OneDrive Folder Activities
  - LP_Office365 OneDrive Overview
  - LP_Office365 Operations by File Category
  - LP_Office365 Overview
  - LP_Office365 SharePoint File Activities
  - LP_Office365 SharePoint Folder Activities
  - LP_Office365 SharePoint Overview
- Alerts
  - LP_Office365 Global Administrator Role Assigned to User
  - LP_Office365 MailItemAccessed Logging Disabled
  - LP_Office365 Security and Compliance Alert related to Access Governance
  - LP_Office365 Security and Compliance Alert related to Data Governance
  - LP_Office365 Security and Compliance Alert related to Data Loss Prevention
  - LP_Office365 Security and Compliance Alert related to Mail Flow
  - LP_Office365 Security and Compliance Alert related to Other Category
  - LP_Office365 Security and Compliance Alert related to Threat Management
Enhancement
PLUG-17680
Added RESTful configuration APIs for the Office365 Fetcher to support creating, updating, retrieving, listing, and deleting log source configurations through API workflows. This release also adds support for file uploads via the configuration APIs, simplifying secure, automated integration management.
Past Releases
Office365 v6.0.2
Enhancement
PLUG-17420
The Subscription ID field has been removed from the Office 365 configuration as it was not available in certain customer environments and could prevent successful setup.
Bug Fix
PLUG-17138
In some cases, Office365 suddenly stopped fetching logs and stayed stuck until a manual restart.
Office365 v6.0.1
Bug Fixes
PLUG-11684
If the Log Collection Policy on localhost was updated, the Office365 UI only displayed the details of the first account, even when users clicked on other listed accounts.
PLUG-11714
The fetcher became unresponsive due to missing timeout values, causing log collection to stop.
PLUG-16289
The values for the field target_user were not normalized.
Office365 v6.0.0
Enhancement
PLUG-10846
You can now configure Office365 from Log Sources, which provides a centralized user interface for all log collection configurations.
Comments
Office365 v3.5.0 has been publicly released.
It seems there is a problem with the fetcher.
127.0.0.1
AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 060389f5-9662-4e29-b59b-eeb5d9981100 Correlation ID: 0e03bd28-f2c6-4386-a209-15473bd4fa52 Timestamp: 2019-08-01 09:03:24Z
Same here.
Hi Daniel, did you raise a ticket for this? Did you get it resolved?
Best regards,
Janne
Which privileges does the service account in O365 need? Reading permission to the audit logs?
In addition to the permissions of the O365 Management API, I think the user just needs to be able to log in to Office 365 - so a standard domain user account should work?