[SIEM] Office 365 module #16386

Merged
merged 15 commits into from
Mar 19, 2020

Commits on Mar 18, 2020

  1. New module o365 for Office 365 log ingestion

    This includes a new fileset, o365.audit, that uses the o365audit input
    to ingest logs using the Office 365 Management API.
    adriansr committed Mar 18, 2020
    8aa512b
  2. address review comments

    adriansr committed Mar 18, 2020
    4eb820a
  3. Set related.user

    adriansr committed Mar 18, 2020
    ee4d2ac
  4. d1c4934
  5. c969d6f
  6. Convert numeric user.id to string

    Avoid error when trying to dissect.
    adriansr committed Mar 18, 2020
    454ffeb
  7. 277c9a5
  8. c8a6b62
  9. Correct o365audit docs

    Max retention is 7 days, that's 168h, not 178.
    adriansr committed Mar 18, 2020
    02ea070
  10. Append https scheme to endpoint URLs if needed

    This patches the o365audit input to accept resource and
    authentication_endpoint configuration options without a scheme.
    adriansr committed Mar 18, 2020
    2712947
  11. Added sample dashboard

    adriansr committed Mar 18, 2020
    Configuration menu
    Copy the full SHA
    3adebc7 View commit details
    Browse the repository at this point in the history
  12. Configuration menu
    Copy the full SHA
    8181a9b View commit details
    Browse the repository at this point in the history
  13. Document setup process

    adriansr committed Mar 18, 2020