cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SIEM connector now available for Office 365 Advanced Security Management
By
Anthony Smith (A.J.)
Published Jun 05 2017 11:15 AM 12.5K Views
Anthony Smith (A.J.)
Microsoft
‎Jun 05 2017 11:15 AM

SIEM connector now available for Office 365 Advanced Security Management

‎Jun 05 2017 11:15 AM

A year ago we announced a way for you to get greater visibility and control over Office 365 with Advanced Security Management (ASM).  Since then we have added new features to help you better determine shadow IT activity, and we’ve enhanced control over 3rd party apps connected to Office 365.  We have also heard a lot of feedback on what else you want in ASM and today we are excited to announce that the ability to have centralized monitoring of ASM alerts with your SIEM is now available. Integrating with a SIEM service allows you to better protect Office 365 while maintaining your organization’s security workflow, automating security procedures and correlating between your cloud-based and on-premises events.  To learn how to setup the ASM SIEM connector please reference the documentation here.

 

siem.png

3 Comments
Vasil Michev
MVP
‎Jun 05 2017 11:27 AM
‎Jun 05 2017 11:27 AM

Ah well, just wrapped up a post saying the SIEM connector is coming soon :)

 

Can you share some more on the ASM roadmap and maybe provide us with a separate changelog? Every time I check the CAS changelog I get more and more by the number of features that havent made it to ASM. Files actions for example, intergration with AIP/RMS, heck even Team events are not being processed yet...

0 Likes
Like
Anthony Smith (A.J.)
Microsoft
‎Jun 05 2017 11:39 AM
‎Jun 05 2017 11:39 AM

Hi Vasil,

The items on the ASM roadmap are posted on the public roadmap at http://roadmap.office.com. For the change log, I will talk with the enginerring team to see if something similar can be created for ASM.

0 Likes
Like
ASOU AMINNEZHAD
Copper Contributor
‎Jul 30 2018 03:11 PM
‎Jul 30 2018 03:11 PM

Hi
i would like to know if by integrating O365 to siem  solution, there is a way to choose which logs to be pushed to siem ( means not pushing all  logs).

 

Another question,  for email investigation recipient and sender email address  and  email title would be in the   logs,  is there any way to exclude few emails in company form being in the log?

 

Thanks

 

 

0 Likes
Like
Version history
Last update:
‎May 11 2021 01:53 PM
Updated by: