SIEM connector now available for Office 365 Advanced Security Management

Published Jun 05 2017 11:15 AM 11.9K Views

A year ago we announced a way for you to get greater visibility and control over Office 365 with Advanced Security Management (ASM). Since then we have added new features to help you better determine shadow IT activity, and we’ve enhanced control over third-party apps connected to Office 365. We have also heard a lot of feedback on what else you want in ASM, and today we are excited to announce that centralized monitoring of ASM alerts with your SIEM is now available. Integrating with a SIEM service allows you to better protect Office 365 while maintaining your organization’s security workflow, automating security procedures and correlating between your cloud-based and on-premises events. To learn how to set up the ASM SIEM connector, please refer to the documentation here.

 


3 Comments

Ah well, just wrapped up a post saying the SIEM connector is coming soon :)

 

Can you share some more on the ASM roadmap and maybe provide us with a separate changelog? Every time I check the CAS changelog I get more and more by the number of features that haven't made it to ASM. Files actions for example, integration with AIP/RMS, heck even Team events are not being processed yet...

Hi Vasil,

The items on the ASM roadmap are posted on the public roadmap at http://roadmap.office.com. For the change log, I will talk with the engineering team to see if something similar can be created for ASM.


Hi
I would like to know if, by integrating O365 with a SIEM solution, there is a way to choose which logs are pushed to the SIEM (means not pushing all logs).

 

Another question: for email investigation, recipient and sender email address and email title would be in the logs. Is there any way to exclude a few emails in the company from being in the log?

 

Thanks

 

 

Version history
Last update:
‎May 11 2021 01:53 PM
Updated by: