SIEM and XDR in one place

Previous Articles

Part 1: Microsoft Sentinel Implementation a Deep Dive – Part 1: Workspace Deployment

Part 2: Microsoft Sentinel Implementation a Deep Dive – Part 2: Microsoft Sentinel Deployment

Part 3: Microsoft Sentinel Implementation a Deep Dive – Part 3: Configuring Data Connectors

Part 4: Microsoft Sentinel Implementation a Deep Dive – Part 4: Deploy VM to Validate the Microsoft Sentinel Deployment

Part 5: Microsoft Sentinel Implementation a Deep Dive – Part 5: Validating the Microsoft Sentinel Deployment

Installing and Configuring Microsoft 365 Connector to Microsoft Sentinel

  • In this article, we will see how to integrate Microsoft 365 logs with the Log Analytics workspace and Microsoft Sentinel.
  • Go to Microsoft Sentinel, search for the Microsoft 365 data connector in the Content hub, and install it

Once Installed, click on Manage

Click on Manage

Select Exchange, Sharepoint, Teams and click on Apply Changes

Once the data connector is configured with these presets, it will start collecting the logs.
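To confirm the connector is actually delivering data before building a detection on it, the following KQL query (an added check, not part of the original post) counts events per workload in the OfficeActivity table. Run it in Microsoft Sentinel > Logs against the workspace; the workload names shown are what the connector writes for the Exchange, SharePoint and Teams selections made above, and the 24-hour window is an assumption you can widen if ingestion has only just started.

```kql
// Added check (not from the original post): verify the Microsoft 365 connector
// is writing events for each selected workload. Expect rows such as
// Exchange, SharePoint, OneDrive and MicrosoftTeams once ingestion has begun.
OfficeActivity
| where TimeGenerated > ago(24h)          // assumed window; widen if the connector was just enabled
| summarize Events = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated) by OfficeWorkload
| order by Events desc
```

If a selected workload is missing from the result, give the connector time to catch up and re-run; a workload that never appears usually means the corresponding audit log is not enabled on the Microsoft 365 side, and an analytics rule built on it would never fire.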

Testing Microsoft 365 Data Connector

Click on Analytics, then Rule templates, and search for Mail redirect via ExO transport rule

Click on Create rule

Enter Name as per the requirement and click on Set Rule Logic

Leave the rule query as it is, select a query interval of 1 hour, and click on Incident settings

Enable the Incident settings and Automated responses

Create an Automation rule with Action Owner to assign it to your account.

Once the rule is created and matching logs are found, you can see the incident that was created

You can see the assigned owner and status of the incident.

You can see more details if you click Investigate,

and more details as follows:

Below is the transport rule used to test log generation and incident creation
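To see the raw audit record that the test transport rule produces, and to confirm it arrived inside the 1-hour query interval chosen for the analytics rule, the following KQL query (an added example, not the template's own rule logic) lists Exchange transport rule changes in OfficeActivity and pulls out any redirect or BCC target from the Parameters field. The operation names and the parameter names RedirectMessageTo and BlindCopyTo are the Exchange Online cmdlet values written to the audit log; the 1-hour window is an assumption matching the interval set above.

```kql
// Added example (not the Sentinel template query): locate the audit event for a
// transport rule that redirects or blind-copies mail, as produced by the test rule.
OfficeActivity
| where TimeGenerated > ago(1h)           // assumed window, same as the rule's query interval
| where OfficeWorkload == "Exchange"
| where Operation in~ ("New-TransportRule", "Set-TransportRule")
// Parameters is a JSON string of {Name, Value} pairs; expand it one row per parameter
| mv-expand Param = todynamic(Parameters)
| where tostring(Param.Name) in~ ("RedirectMessageTo", "BlindCopyTo")
| project TimeGenerated,
          UserId,
          Operation,
          OfficeObjectId,
          Parameter = tostring(Param.Name),
          Target    = tostring(Param.Value),
          ResultStatus
| order by TimeGenerated desc
```

If the test rule shows up here but no incident was created, the gap is in the analytics rule configuration (query interval, lookback or the incident settings) rather than in log collection; if it does not show up at all, wait for the Exchange audit log to be ingested and re-run before changing the rule.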
