joedalton
Joined 9 years ago
User Profile
User Widgets
Contributions
Re: Office 365 monitoring
Hi Mike, The customer wants the O365 Audit logs monitored and a report to be submitted daily. What we currently have now is a powershell script that pulls out a csv with relevant security events. We then present a daily report based on these events. It is a bit labor intensive and I think we can use LM to automate it. I'm trying to develop a PS script to embed in a datasource to search this audit log at set intervals. If I can have LM pull these events in (not too worried about the alerting for now) I can then create a dashboard & reports. When you say test on my account, do you mean the O365 a/c? I dont have anything in LM yet as I'm still cooking a PS script to do what I need. This is what I am currently using to pull events for the previous 24 hours. $CreateEXOPSSession = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName . "$CreateEXOPSSession\CreateExoPSSession.ps1" Connect-EXOPSSession -UserPrincipalName test@test.com #Output files directory $outputFile = "C:\Users\john.doe\Desktop\AuditRecords.csv" # Set Dates $StartDate = (Get-Date).AddDays(-1) $EndDate = (Get-Date) $AlertOperations = @('FileDeletedFirstStageRecycleBin','FileDeletedSecondStageRecycleBin',...............................................LOTS MORE!!!!) Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations $AlertOperations -ResultSize 5000|epcsv $outputFile -NoTypeInformation -Append EXIT5Views0likes0CommentsRe: Office 365 monitoring
Hi Mike, Thanks for the offer of a meeting. I found a workaround which was to manually import the XML files. Its working away and datasources are pulling in the data. Would you happen to know if anyone in the community has done anything on monitoring/alerting on security in O365? BTW- the datasources are great and I definitely will have a use for them on first view. Joe13Views0likes0CommentsOffice 365 security monitoring & alerting
I have a customer who has a requirement to monitor and alert on security in O365. I'm wondering if anyone has had a look at this or has any advise on how to approach that with LM? Perhaps someone on the community has developed a datasource? Any help much appreciated5Views0likes1CommentRe: Office 365 monitoring
Hi Mike I've been looking at testing this out but continually getting API response of 1041. The properties get populated for the device but the datasources dont. Any ideas what would be causing that? Thanks [05/23/2019 11:45:36] API call: https://XXXXX.logicmonitor.com/santaba/rest/device/devices?filter=displayName:xxxxxxxx [05/23/2019 11:45:36] Response code is 200 [05/23/2019 11:45:36] Deploying tokens of target app [05/23/2019 11:45:36] Generating Oauth Form [05/23/2019 11:46:19] Requesting Office 365 tokens [05/23/2019 11:46:20] Response: Token type: Bearer; Scope: ServiceHealth.Read; Expires in: 3600; Resource: https://manage.office.com [05/23/2019 11:46:20] Requesting Graph API tokens [05/23/2019 11:46:20] Response: Token type: Bearer; Scope: Reports.Read.All; Expires in: 3599; Resource: https://graph.microsoft.com [05/23/2019 11:46:20] Updating device properties, device id is 383 [05/23/2019 11:46:20] API call: https://XXXXX.logicmonitor.com/santaba/rest/device/devices/383?patchFields=customProperties&opType=replace [05/23/2019 11:46:20] Response code is 200 [05/23/2019 11:46:20] Importing Office 365 datasource template. [05/23/2019 11:46:20] Importing DataSource. [05/23/2019 11:46:20] API call: https://XXXXXX.logicmonitor.com/santaba/rest/setting/datasources/importxml [05/23/2019 11:46:20] Response code is 1041 ...................... all imports give 10415Views0likes0CommentsCustom reports
I have a requirement to automate reporting which is straightforward. However I also have a requirement to have the report include our company logo and use formatting of our choosing. The idea would be to have these reports automatically generated and delivered to customers without manual intervention. Hopefully this is a feature which I have yet to discover and if anyone has cracked it I would love to know the process.Solved33Views0likes2Comments