Monday, July 3, 2017

Office 365 and SIEM Data Feeds

Another recent announcement is that the SIEM connector service has now been added to Office 365 Advanced Security Management (E5). SIEM stands for Security Information and Event Management. Many customers with complex security requirements need to centralize the monitoring of alerts and events. With this solution, customers can analyze application logs and events and then do contextual analysis of their organization's security using their own SIEM solution.

To deploy this solution, the organization is responsible for deploying a SIEM agent, which polls the Office 365 REST APIs. All communications are over HTTPS/443. Once the SIEM agent has retrieved the data, it sends syslog messages to your local SIEM solution.

Announcement - https://blogs.office.com/2017/06/22/new-in-office-365-security-and-compliance-june-update/

SIEM Integration – with install instructions - https://support.office.com/en-us/article/SIEM-integration-with-Office-365-Advanced-Security-Management-dd6d2417-49c4-4de6-9294-67fdabbf8532?ui=en-US&rs=en-US&ad=US
