
Microsoft Sentinel Implementation a Deep Dive - Part 6: Ingesting Microsoft 365 Logs and validation

Installing and Configuring Microsoft 365 Connector to Microsoft Sentinel

In this article, we will see how to integrate Microsoft 365 logs with the Log Analytics workspace and Microsoft Sentinel.

Go to Microsoft Sentinel, search for the Microsoft 365 data connector in the Content hub, and install it.

Sentinel-6-1

Once Installed, click on Manage

Sentinel-6-2

Click on Manage

Sentinel-6-3

Select Exchange, SharePoint and Teams, then click on Apply Changes.

Sentinel-6-4

Once the data connector is configured with these presets, it will start collecting the logs.

Testing Microsoft 365 Data Connector

Click on Analytics, then on Rule templates, and search for Mail redirect via ExO transport rule.

Sentinel-6-5

Click on Create rule

Sentinel-6-7

Enter a name as per your requirement and click on Set rule logic.

Sentinel-6-8

Leave the rule query as it is, select a query interval of 1 hour, and click on Incident settings.

Sentinel-6-9

Enable the Incident settings and Automated responses

Sentinel-6-10

Create an automation rule whose action assigns the incident owner to your account.

Sentinel-6-11

After the rule is created and matching logs are found, you can see the incident that was created.

Sentinel-6-13

You can see the assigned owner and the status of the incident.

Sentinel-6-14

You can see more details if you click Investigate.

Sentinel-6-15

And more details as follows:

Sentinel-6-17

Below is the transport rule used to test log generation and incident creation.

Sentinel-6-17
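As an added example (not the rule template's own query, which this article leaves unchanged), the KQL below shows the kind of logic a "mail redirect via transport rule" detection applies and lets you validate the analytics pipeline before real data arrives. The datatable rows, addresses and IPs are constructed, and the column names are an assumption modelled on the OfficeActivity table that the Microsoft 365 connector populates.

```kql
// Constructed sample rows that mimic OfficeActivity (Exchange workload).
// Once the connector is ingesting, replace the datatable with:
//   OfficeActivity | where TimeGenerated > ago(1h)
let SampleOfficeActivity = datatable(
    TimeGenerated: datetime, OfficeWorkload: string, Operation: string,
    UserId: string, ClientIP: string, Parameters: string)
[
    datetime(2024-01-01T10:00:00Z), "Exchange", "New-TransportRule",
        "admin@contoso.example", "203.0.113.10",
        '[{"Name":"Name","Value":"Test redirect"},{"Name":"RedirectMessageTo","Value":"external@example.net"}]',
    datetime(2024-01-01T10:05:00Z), "Exchange", "Set-TransportRule",
        "admin@contoso.example", "203.0.113.10",
        '[{"Name":"Identity","Value":"Test redirect"},{"Name":"BlindCopyTo","Value":"audit@contoso.example"}]',
    datetime(2024-01-01T10:10:00Z), "Exchange", "New-TransportRule",
        "helpdesk@contoso.example", "198.51.100.7",
        '[{"Name":"Name","Value":"Footer"},{"Name":"ApplyHtmlDisclaimerText","Value":"Confidential"}]'
];
// Cmdlets that create or modify transport rules.
let RuleCmdlets = dynamic(["New-TransportRule", "Set-TransportRule"]);
// Parameters that send a copy of mail somewhere other than the original recipient.
let RedirectParams = dynamic(["RedirectMessageTo", "BlindCopyTo", "AddToRecipients", "CopyTo"]);
SampleOfficeActivity
| where OfficeWorkload =~ "Exchange" and Operation in~ (RuleCmdlets)
// Parameters is stored as a JSON string; expand it to one row per parameter.
| extend ParamList = parse_json(Parameters)
| mv-expand Param = ParamList
| extend ParamName = tostring(Param.Name), ParamValue = tostring(Param.Value)
| where ParamName in~ (RedirectParams)
// One result per rule change, listing every redirect target it set.
| summarize RedirectTargets = make_set(ParamValue)
          by TimeGenerated, Operation, UserId, ClientIP
| project TimeGenerated, Operation, UserId, ClientIP, RedirectTargets
```

Run against the sample data, the query returns the first two rows (the redirect and the blind copy) and drops the disclaimer rule, which is the behaviour to confirm before trusting the incident the article shows.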