2020-03-03 09:39 AM
I recently integrated Office 365 logs into NetWitness. I installed all 5 parser packs and everything works fine.
I want to set up dashboards and enable some rules and would like to know a good baseline to start.
Has anyone made Office 365 dashboards? What do they display and what are some specific things to look for?
Are my current rules going to trigger from these cloud log sources even though the event types are different, or do I need to implement a whole new set of rules for Office 365?
Any info from anyone collecting logs from Office 365 would be great, thank you!
2020-03-03 10:03 AM
I've moved your question to the RSA NetWitness Platform space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA NetWitness Platform and click Ask A Question. That way your question will appear in the correct space.
Regards,
Erica
2020-07-07 10:54 PM
From where did you check the office365 logs in RSA and know that "everything works fine"?
I am also currently working on office365 integration, but I can't seem to find any of the office365 logs.
My log collector's logs say something about waiting for config on STDIN.
2020-07-08 11:38 AM
Lawrence, you've completed the setup per the implementation guide yet you don't see "msoffice365" as an event type? (Investigate -> Device Type -> show more -> msoffice365)
When you added the Event Source in your log collector, does the test pass?
Log Collector -> Event Sources -> Event Categories -> Sources
2020-07-08 09:45 PM
Hi Ernie, yes, I followed the Microsoft_Office365 guide from RSA but I don't see msoffice365 as an event type.
Ya, the test passes when I added the event source.
Are there any more steps that you did that are not stated within the guide?
My log collector's logs are spamming messages like "[office365audit.office365] [processing] [WorkUnit] [processing] 2020-07-09T08:01:14Z Office365auditCollector waiting for config on STDIN..."
I am using NetWitness 11.4 if that even matters.