Forum Discussion
roopesh_shetty
Jan 13, 2020 (Copper Contributor)
email service monitor
Hi guys, we have configured Azure Sentinel using the Office365 connector and selected the O365 and Exchange Online logs to stream to it. But after configuring it, what we can see is few dashboa...
thomasdefise
Jan 13, 2020 (Brass Contributor)
roopesh_shetty
Some of the use cases can be covered using Kusto queries against the Office365 logs.
But for instance, for Mac users currently connected, I don't see the security purpose of it in general.
Same for how many Outlook users or mobile devices are connected.
Do you have a purpose related to finding suspicious activity for those use cases?
Using the Fusion technology or Analytics rules such as:
- Office Policy Tampering
- Multiple users email forwarded to same destination
- Exchange AuditLog disabled
And if you have Threat Intelligence:
- TI map URL entity to OfficeActivity data
- TI map Email entity to OfficeActivity
There are also Hunting Queries and Jupyter Notebooks.
Kind Regards,
Thomas
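As an added illustration of the Kusto approach mentioned above (written for this page, not taken from the thread or from Microsoft's own analytics rule content), the query below implements the second pattern in the list, several users forwarding mail to the same destination, over the OfficeActivity table. It assumes the table is populated by the Office 365 connector, that its Parameters column holds a JSON array of {"Name": ..., "Value": ...} objects as written by Exchange Online auditing, and the internal_domains list is a placeholder to replace with your own accepted domains.

```kusto
// Added example, not from the thread: multiple mailboxes forwarding to one
// external address is a common mail-exfiltration pattern, so this flags any
// destination that several users started forwarding to in the lookback window.
// Assumptions: OfficeActivity is fed by the Office 365 connector, and its
// Parameters column is a JSON array of {"Name": ..., "Value": ...} objects.
let lookback = 7d;
let min_users = 2;                                 // distinct mailboxes before we alert
let internal_domains = dynamic(["contoso.com"]);   // placeholder: your accepted domains
OfficeActivity
| where TimeGenerated >= ago(lookback)
| where OfficeWorkload == "Exchange"
// Mailbox-level forwarding (Set-Mailbox) and rule-based forwarding (inbox rules)
| where Operation in ("Set-Mailbox", "New-InboxRule", "Set-InboxRule")
| extend Param = parse_json(Parameters)
| mv-expand Param
| extend ParamName = tostring(Param.Name), ParamValue = tostring(Param.Value)
| where ParamName in ("ForwardingSmtpAddress", "ForwardingAddress", "ForwardTo", "RedirectTo")
// Values arrive as "smtp:alice@example.net" or as a list; pull out the address
| extend Destination = tolower(extract(@"(?i)(?:smtp:)?([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+)", 1, ParamValue))
| where isnotempty(Destination)
| extend DestDomain = tostring(split(Destination, "@")[1])
// Ignore forwarding that stays inside the tenant's own domains
| where DestDomain !in (internal_domains)
| summarize
    UserCount = dcount(UserId),
    Users = make_set(UserId, 50),
    Operations = make_set(Operation),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by Destination, DestDomain
| where UserCount >= min_users
| order by UserCount desc
```

Run it in Log Analytics with the lookback widened for a first baseline, then lower min_users or add an allowlist of known shared external mailboxes before turning it into a scheduled analytics rule.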