Here is a reference to the Office 365 audit logs. Remember, Office 365 logs are generally only stored for 90 days.
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
You can additionally purchase Advanced Audit logging, which gives you the ability to retain logs for a year.
https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
The Office 365 Management API provides REST services you can use to download data.
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-apis-overview
It is possible to send the Office 365 Management API logs to a SIEM solution. This allows you to retain the logs for longer than the default retention period.
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference
Here is the schema to all the data in the Office 365 Management API.
https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema
Here is information on Azure AD Audit logs.
https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit
There is also Azure Sentinel; it is a SIEM solution in the cloud.
https://docs.microsoft.com/en-us/azure/sentinel/overview
Here is how to connect Office 365 to Sentinel.
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
Here is how to connect Azure AD to Sentinel.
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-activity