Microsoft Tech Community

O365 Malware report data to Sentinel


Does anyone know how to get data from the O365 Security and Compliance Center report dashboards into Sentinel? Specifically the Malware Detection data.


@Dean Gross 

Right now the O365 connector gets OneDrive, SharePoint and Exchange events only. We plan to expand to other O365 events.


In the short term, you could use a logic app to pull the O365 API events into Log Analytics.

@Nicholas DiCola (SECURITY JEDI) thanks for the suggestion, but I'm not seeing any events in the O365 APIs that are related to the malware reporting data. Can you provide me some details about how this can be accomplished?

@Dean Gross 


Alerts are documented in the schema here.


Looks like the audit log has two entries for ThreatIntelligence.

One for Exchange ATP, and one for OneDrive/SP/Teams ATP.
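The two replies above suggest pulling O365 API events into Log Analytics and point at the ThreatIntelligence audit entries. The following is an added example, not code from the thread or from Microsoft, written in Python instead of a Logic App: it selects the ATP/ThreatIntelligence records out of a Management Activity API content blob and builds the signed request for the Log Analytics HTTP Data Collector API. The workspace id, shared key and sample records are constructed placeholders; the record type numbers are the AuditLogRecordType values for the ATP record types.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# AuditLogRecordType values for Office 365 ATP records: 28 ThreatIntelligence (Exchange),
# 41 ThreatIntelligenceUrl, 47 ThreatIntelligenceAtpContent (SharePoint/OneDrive/Teams).
THREAT_INTEL_RECORD_TYPES = {28, 41, 47}

# Constructed sample of an Audit.General content blob (placeholder data, not a real tenant).
SAMPLE_CONTENT = [
    {"RecordType": 28, "Workload": "ThreatIntelligence", "Operation": "TIMailData",
     "CreationTime": "2019-05-01T10:00:00", "Verdict": "Malware"},
    {"RecordType": 47, "Workload": "ThreatIntelligence",
     "CreationTime": "2019-05-01T10:05:00", "DetectionMethod": "File detonation"},
    {"RecordType": 6, "Workload": "SharePoint", "Operation": "FileAccessed",
     "CreationTime": "2019-05-01T10:06:00"},
]
PLACEHOLDER_KEY = base64.b64encode(b"placeholder-shared-key-not-a-secret").decode()  # constructed, not a real key

def select_threat_intel_records(records):
    """Keep only the ATP / ThreatIntelligence audit records; drop ordinary workload events."""
    return [r for r in records
            if r.get("Workload") == "ThreatIntelligence" or r.get("RecordType") in THREAT_INTEL_RECORD_TYPES]

def build_signature(workspace_id, shared_key, date_rfc1123, content_length):
    """SharedKey authorization header for the Log Analytics HTTP Data Collector API."""
    string_to_sign = f"POST\n{content_length}\napplication/json\nx-ms-date:{date_rfc1123}\n/api/logs"
    digest = hmac.new(base64.b64decode(shared_key), string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_data_collector_request(workspace_id, shared_key, log_type, records, now=None):
    """Return (url, headers, body) for a signed POST to the Data Collector API; nothing is sent here."""
    body = json.dumps(records)
    date_rfc1123 = (now or datetime.now(timezone.utc)).strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,                      # becomes the <log_type>_CL table in Sentinel
        "x-ms-date": date_rfc1123,
        "time-generated-field": "CreationTime",    # use the record's own timestamp as TimeGenerated
        "Authorization": build_signature(workspace_id, shared_key, date_rfc1123, len(body.encode("utf-8"))),
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    url, headers, body = build_data_collector_request("00000000-0000-0000-0000-000000000000", PLACEHOLDER_KEY,
                                                      "O365ThreatIntel", select_threat_intel_records(SAMPLE_CONTENT))
    print(url, headers["Authorization"], len(body))
```

The same filter and signing steps are what a Logic App would perform with its HTTP and Log Analytics Data Collector actions; a scheduled trigger would fetch the content blobs from the Management Activity API subscription first.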