Home

Sentinel O365 Connector showing "No data for the given query"

%3CLINGO-SUB%20id%3D%22lingo-sub-464460%22%20slang%3D%22en-US%22%3ESentinel%20O365%20Connector%20showing%20%22No%20data%20for%20the%20given%20query%22%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-464460%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20team%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20imported%20and%20configured%20O365%20connector%20for%20%3CSENTINEL%20yesterday%3D%22%22%20to%3D%22%22%20monitor%3D%22%22%20my%3D%22%22%20private%3D%22%22%20o365%3D%22%22%20tenant%3D%22%22%3ENo%20data%20for%20the%20given%20query%22%20for%20all%20queries.%3C%2FSENTINEL%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EShould%20I%20configure%20anything%20special%20in%20EXO%20to%20make%20it%20work%20%3F%20I%20followed%20instruction%20during%20wizard%20and%20it%20seemed%20very%20simple%20%3A)%3C%2Fimg%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-482085%22%20slang%3D%22en-US%22%3ERe%3A%20Sentinel%20O365%20Connector%20showing%20%22No%20data%20for%20the%20given%20query%22%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-482085%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F322462%22%20target%3D%22_blank%22%3E%40MatjazGonza%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F89690%22%20target%3D%22_blank%22%3E%40Chris%20Boehm%3C%2FA%3E%3A%20Is%20this%20something%20you%20can%20speak%20to%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-482211%22%20slang%3D%22en-US%22%3ERe%3A%20Sentinel%20O365%20Connector%20showing%20%22No%20data%20for%20the%20given%20query%22%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-482211%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F322462%22%20target%3D%22_blank%22%3E%40MatjazGonza%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowdy%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAwesome%20job%20getting%20everything%20connected%20for%20the%20Office%20365%20Audit%20logging%2C%20the%20Office%20365%20connector%20is%20collecting%20your%20Office%20365%20activity%20logs%20for%20Exchange%20and%20SharePoint%20(%20If%20you've%20configured%20them%20both%20)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EExample%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F110188i65594A0F59FB7072%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Annotation%202019-04-24%20142833.png%22%20title%3D%22Annotation%202019-04-24%20142833.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23000000%3B%20font-family%3A%20az_ea_font%2C'Segoe%20UI'%2Cwf_segoe-ui_normal%2C'Segoe%20WP'%2CTahoma%2CArial%2Csans-serif%3B%20font-size%3A%20100%25%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20inherit%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EThe%20Office%20365%20activity%20log%20connector%20provides%20insight%20into%20ongoing%20user%20activities.%20You%20will%20get%20details%20of%20operations%20such%20as%20file%20downloads%2C%20access%20requests%20sent%2C%20changes%20to%20group%20events%2C%20set-Mailbox%20and%20details%20of%20the%20user%20who%20performed%20the%20actions.%20By%20connecting%20Office%20365%20logs%20into%20Azure%20Sentinel%20you%20can%20use%20this%20data%20to%20view%20dashboards%2C%20create%20custom%20alerts%2C%20and%20improve%20your%20investigation%20process.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20cursor%3A%20text%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EDocs%20on%20setting%20up%20Mailbox%20auditing%20is%20mentioned%20here%3A%20%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fenable-mailbox-auditing%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fenable-mailbox-auditing%3C%2FA%3E%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20cursor%3A%20text%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EDocs%20on%20SharePoint%20Online%20auditing%20is%20mentioned%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fconfigure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fconfigure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2%3C%2FA%3E%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20cursor%3A%20text%3B%20font-family%3A%20inherit%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20line-height%3A%201.7142%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3ELet%20me%20know%20if%20that%20helped!%20%3A)%3C%2Fimg%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
MatjazGonza
Microsoft

Hi team

 

I imported and configured O365 connector for <sentinel yesterday to monitor my private O365 tenant (EXO). As of today Dashboard still show "No data for the given query" for all queries.

Should I configure anything special in EXO to make it work ? I followed instruction during wizard and it seemed very simple :)

2 Replies

@MatjazGonza 

 

@Chris Boehm: Is this something you can speak to?

@MatjazGonza 

 

Howdy :)

 

Awesome job getting everything connected for the Office 365 Audit logging, the Office 365 connector is collecting your Office 365 activity logs for Exchange and SharePoint ( If you've configured them both )

 

Example:

 

Annotation 2019-04-24 142833.png

 

The Office 365 activity log connector provides insight into ongoing user activities. ​ You will get details of operations such as file downloads, access requests sent, changes to group events, set-Mailbox and details of the user who performed the actions.​ By connecting Office 365 logs into Azure Sentinel you can use this data to view dashboards, create custom alerts, and improve your investigation process.​

 

Docs on setting up Mailbox auditing is mentioned here: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing

 

Docs on SharePoint Online auditing is mentioned here: https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c...

 

Let me know if that helped! :)

 

 

 

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies