Oct 21 2019 05:06 AM - last edited on May 24 2021 02:08 PM by TechCommunityAP
Does anyone know how to get data from the O365 Security and Compliance Center report dashboards into Sentinel? Specifically, the Malware Detection data.
Oct 28 2019 12:06 PM
Solution
Right now the O365 connector gets OneDrive, SharePoint and Exchange events only. We plan to expand to other O365 events.
In the short term, you could use a logic app to pull the O365 API events into Log Analytics.
Nov 13 2019 06:01 AM
@Nicholas DiCola (SECURITY JEDI) Thanks for the suggestion, but I'm not seeing any events in the O365 APIs that are related to the malware reporting data. Can you provide me some details about how this can be accomplished?
Nov 13 2019 11:59 AM
Alerts are documented in the schema here. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api...
Looks like the audit log has two entries for ThreatIntelligence:
One for Exchange ATP, and one for OneDrive/SP/Teams ATP.
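
The approach discussed in this thread, as an added example that is not part of any post above: a Python sketch of what the suggested logic app would do, keeping only the two ThreatIntelligence audit record types and building a signed Log Analytics HTTP Data Collector API request for them. The RecordType numbers 28 and 47 are taken from the Management Activity API schema and should be checked against its current version; the workspace ID, key, custom log name `O365ThreatIntel` and the sample records are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

# Assumption: RecordType values as listed in the Management Activity API schema.
THREAT_RECORD_TYPES = {
    28: "ThreatIntelligence",            # Exchange ATP detections
    47: "ThreatIntelligenceAtpContent",  # OneDrive/SharePoint/Teams ATP detections
}

def select_threat_records(records):
    """Keep only threat intelligence audit records and label them by type name."""
    selected = []
    for rec in records:
        name = THREAT_RECORD_TYPES.get(rec.get("RecordType"))
        if name is not None:
            selected.append({**rec, "RecordTypeName": name})
    return selected

def build_request(workspace_id, shared_key_b64, records,
                  log_type="O365ThreatIntel", date=None):
    """Return (url, headers, body) for the Data Collector API; nothing is sent."""
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date for x-ms-date
    to_sign = (f"POST\n{len(body)}\napplication/json\n"
               f"x-ms-date:{date}\n/api/logs")
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,  # hypothetical custom log name
        "x-ms-date": date,
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           "/api/logs?api-version=2016-04-01")
    return url, headers, body

# Constructed sample audit records (not real tenant data).
SAMPLE_RECORDS = [
    {"Id": "a1", "CreationTime": "2019-11-13T06:01:00", "RecordType": 2},
    {"Id": "b2", "CreationTime": "2019-11-13T06:02:00", "RecordType": 28},
    {"Id": "c3", "CreationTime": "2019-11-13T06:03:00", "RecordType": 47},
]
```

The tuple returned by `build_request` can be passed to any HTTP client as a POST; the selected records then land in a custom log table named after `Log-Type`.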