Microsoft: Office 365
Microsoft Office 365 (now called Microsoft 365) is a SaaS offering that combines the traditional Microsoft Office desktop applications, Microsoft application services, and productivity services from within Microsoft’s Azure cloud platform. Office 365 contains the same core desktop applications as the traditional versions of Microsoft Office, such as Word, Excel, PowerPoint and Outlook, as well as a suite of other apps and online services for cloud file storage, secure communication, and collaboration. These include Planner, OneDrive, Exchange, SharePoint, Yammer, and Microsoft Teams.
Microsoft Office 365 produces service status, service messages, and management activity logs that are all useful for system administrators. In the Common Information Model, Microsoft O365 data can be mapped to any of the following data models: Authentication, Change, Data Access.
Configuration
Guidance for onboarding data can be found in the Splunk Documentation:
- Getting Data In (Splunk Enterprise)
- Getting Data In (Splunk Cloud)
- Get data into Splunk Observability Cloud
Refer to the documentation, and note the following:
- Source types:
  - o365:cas:api
  - o365:graph:api
  - o365:management:activity
  - o365:service:healthIssue
  - o365:service:update:Message
  - o365:ta:o365:log
- Add-on or app: Splunk Add-on for Microsoft Office 365
Application
When your Splunk deployment is ingesting Microsoft O365 data, you can use it to accomplish the following use cases: