Forum Discussion
ODFB Activity log integration with Cloud App Secuirty
CAS, as well as it's cheaper version ASM can both read the SPO/ODFB activity logs. Both will also allow you to configure custom notifications or even actions such as blocking the user. If you want direct integration with SIEM however, I beleive only CAS would be able to do that.
Another option is to directly use the API and feed the events to your SIEM. Here's a good starting point: https://msdn.microsoft.com/office-365/office-365-management-activity-api-reference
- Rajeev KrishnanNov 30, 2016Microsoft
Thanks Vasil for the prompt response. The customer is intrested on leveraging Microsoft CAS. The idea in the longer run then is to show more value for other services with CAS and then use this as their main platform.
We did share the SIEM (in their case QRadar) integration with O365 Management API. Hopefully this confirmation allows us to move forward with CAS. Thanks again