Forum Discussion

Iron Contributor

Apr 01, 2019

Solved

Log analytics API

Hey - i have built up a collection of saved searches in Azure log analytics, mainly searching the SecurityAlerts, SignInLogs and OfficeActivity tables. When i get a security alert notification from ...

azure monitor

Powershell and Rest API

CliveWatson
Apr 02, 2019
AndrewX

There is the Log Analytocs API https://docs.microsoft.com/en-us/rest/api/loganalytics/ and the https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collector-api

When you get a Security Alert you could call a playbook (Logic App) to work with that data, even if its only to create that CSV file.

Azure Sentinel has a new connector to O365 (not look too closely myself at this particular connector and data, but Exchange is mentioned).

Thanks

CliveWatson

Silver Contributor

Apr 02, 2019

AndrewX

There is the Log Analytocs API https://docs.microsoft.com/en-us/rest/api/loganalytics/ and the https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collector-api

When you get a Security Alert you could call a playbook (Logic App) to work with that data, even if its only to create that CSV file.

Azure Sentinel has a new connector to O365 (not look too closely myself at this particular connector and data, but Exchange is mentioned).

Thanks