| Table of Contents | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Purpose
Our Cloud Office 365 Log Threat Detection Suite is an advanced and comprehensive set of alerts meticulously designed to identify and mitigate cybersecurity threats that exploit Cloud Office 365 logs. As businesses increasingly adopt cloud-based productivity tools like Microsoft Office 365, the need for robust security measures to safeguard sensitive data and communications becomes paramount.
Included alerts
SecOpsO365BruteForce | SecOpsO365PhishAttempt | SecOpsO365UserPasswordReset |
SecOpsO365UserPasswordChange | SecOpsO365PowerShellActivity | SecOpsO365SusMailboxDelegation |
SecOpsO365DisableMFA | SecOpsO365NewFederatedDomain | SecOpsO365MailboxAuditBypass |
SecOpsO365AddedServicePrincipal | SecOpsO365BypassMFAviaIP | SecOpsO365ExcessiveAuthFailureAttempts |
SecOpsO365ExcessiveSSOLoginFailures | SecOpsO365PSTExportAlert.json | SecOpsO365SuspiciousAdminEmailForwarding |
SecOpsO365PSTExportAlert | SecOpsO365ImpossibleTravel | SecOpsActivityAnonymousIPAddressesO365 |
SecOpsDataExfiltrationToUnsanctionedAppsO365 | SecOpsGroupMembershipModifiedO365 | SecOpsCloudDiscoveryAnomalyDetectionO365 |
SecOpsImpossibleTravelO365 |
...
SecOpsCDIocIpSuspiciousO365Data |
Prerequisites
To use this alert pack, you must have the following data sources available on your domain:
...