Forum Discussion
Dean_Gross
Oct 21, 2019, Silver Contributor
O365 Malware report data to Sentinel
Does anyone know how to get data from the O365 Security and Compliance Center report dashboards into Sentinel? Specifically the Malware Detection data.
Right now the O365 connector gets OneDrive, SharePoint and Exchange events only. We plan to expand to other O365 events.
In the short term, you could use a Logic App to pull the O365 API events into Log Analytics.
Dean_Gross, Silver Contributor
Nicholas DiCola (SECURITY JEDI), thanks for the suggestion, but I'm not seeing any events in the O365 APIs that are related to the malware reporting data. Can you provide me some details about how this can be accomplished?
Alerts are documented in the schema here: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#security-and-compliance-alerts-schema
Looks like the audit log has two entries for ThreatIntelligence:
one for Exchange ATP, and one for OneDrive/SP/Teams ATP.
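To make the interim approach from the thread concrete (pull Management Activity API events into Log Analytics, keeping only the ThreatIntelligence records for Exchange ATP and SharePoint/OneDrive/Teams ATP), here is an added example in Python. It is not code from the thread, from Microsoft, or from the Sentinel connector. It assumes the documented RecordType values 28 (ThreatIntelligence), 41 (ThreatIntelligenceUrl) and 47 (ThreatIntelligenceAtpContent) from the Management Activity API schema linked above, and it builds the Log Analytics HTTP Data Collector API request (SharedKey HMAC-SHA256 signature over the standard string-to-sign) without sending it, so it runs offline. The sample records, workspace ID and shared key are constructed placeholders.

```python
"""Filter Office 365 Management Activity API records down to the ATP
ThreatIntelligence types and assemble a Log Analytics Data Collector API POST.
Added example, not the thread's or the connector's own code; the sample data
below is constructed."""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# RecordType values for ATP threat-intelligence events as documented in the
# Management Activity API schema (assumption: verify against your tenant's
# records, since the schema gains new record types over time).
THREAT_INTEL_RECORD_TYPES = {
    28: "ThreatIntelligence",            # Exchange Online ATP (mail)
    41: "ThreatIntelligenceUrl",         # ATP Safe Links clicks
    47: "ThreatIntelligenceAtpContent",  # SharePoint/OneDrive/Teams ATP
}


def filter_threat_intel(records):
    """Keep only ThreatIntelligence records; add a readable type name
    so the resulting Sentinel table can be filtered without magic numbers."""
    out = []
    for rec in records:
        rt = rec.get("RecordType")
        if rt in THREAT_INTEL_RECORD_TYPES:
            tagged = dict(rec)
            tagged["ThreatIntelType"] = THREAT_INTEL_RECORD_TYPES[rt]
            out.append(tagged)
    return out


def build_signature(workspace_id, shared_key_b64, date_rfc1123, content_length):
    """Data Collector API 'SharedKey' Authorization header value:
    HMAC-SHA256 over the canonical string, keyed with the decoded workspace key."""
    string_to_sign = (
        "POST\n"
        f"{content_length}\n"
        "application/json\n"
        f"x-ms-date:{date_rfc1123}\n"
        "/api/logs"
    )
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_post(workspace_id, shared_key_b64, log_type, records, now=None):
    """Return (url, headers, body) for one Data Collector API POST.
    Returned instead of sent so the example runs offline; a Logic App or
    a scheduled function would perform the actual POST."""
    body = json.dumps(records)
    now = now or datetime.now(timezone.utc)
    date_rfc1123 = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body_len = len(body.encode("utf-8"))
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key_b64, date_rfc1123, body_len),
        "Log-Type": log_type,  # lands in Sentinel as the <log_type>_CL table
        "x-ms-date": date_rfc1123,
        "time-generated-field": "CreationTime",  # use the O365 event time, not ingest time
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body


# Constructed sample of what an Audit.General content blob can contain.
# Field values are illustrative, not captured from a tenant.
SAMPLE_RECORDS = [
    {"RecordType": 28, "Workload": "Exchange", "Operation": "TIMailData",
     "CreationTime": "2019-10-21T10:00:00", "Verdict": "Malware"},
    {"RecordType": 47, "Workload": "SharePoint", "Operation": "TIFileData",
     "CreationTime": "2019-10-21T10:05:00", "FileData": {"FileName": "invoice.docm"}},
    {"RecordType": 6, "Workload": "SharePoint", "Operation": "FileAccessed",
     "CreationTime": "2019-10-21T10:06:00"},
]

# Placeholder workspace ID and base64 key (constructed, not real credentials).
PLACEHOLDER_WORKSPACE = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_KEY_B64 = base64.b64encode(b"placeholder-key").decode()

if __name__ == "__main__":
    hits = filter_threat_intel(SAMPLE_RECORDS)
    url, headers, body = build_post(PLACEHOLDER_WORKSPACE, PLACEHOLDER_KEY_B64,
                                    "O365ThreatIntel", hits)
    print(f"{len(hits)} ThreatIntelligence records would be posted to {url}")
    print("Authorization:", headers["Authorization"][:24] + "...")
```

The same filter can sit inside a Logic App (a Condition on RecordType after the Management Activity content fetch) or in an Azure Function on a timer; the HMAC signature is what the Data Collector API requires either way, and `time-generated-field` keeps the event's own `CreationTime` as TimeGenerated so detection rules in Sentinel see O365 time rather than ingestion time.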