Forum Discussion

Brass Contributor

Jan 09, 2020

Solved

Office365 S&C Alerts available in Sentinel?

Hey all, we're trying to use our Sentinel to centralize alerts from all different E5 security solutions (wdatp, mcas, o365atp ..) Are O365 Alerts available in sentinel? Or are only the base O...

ehloworldio
Jan 09, 2020
mclaes

If i'm not mistaken Office Security & Compliance Center Alerts Connector is currently in private preview.

Alternatively, you could ingest these alerts via Graph Security API https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888

chrisbuesold

Brass Contributor

Jan 09, 2020

The URL events are informational, and don't come over to Sentinel.

mclaes

PJR_CDF
Iron Contributor
Jul 14, 2020
chrisbuesold

has this changed?

The default "A potentially malicious URL click was detected" alert policy in my demo tenant has these alerts as high severity and as it's a default policy the severity cannot be altered so it appears to be high by default now.

The following defaults are all still informational though:

Email messages containing malware removed after delivery
mail messages containing phish URLs removed after delivery
Email reported by user as malware or phish
Would be nice if the severity of these could be altered.

Paul
- nrupaks
  Copper Contributor
  Nov 16, 2020
  PJR_CDF , Ofer_Shezaf - Is it this one? - "Office 365 Advanced Threat Protection (Preview)"
  - Ofer_Shezaf
    Microsoft
    Nov 16, 2020
    nrupaks : yes