Our Cloud Office 365 Log Threat Detection Suite is an advanced and comprehensive set of alerts meticulously designed to identify and mitigate cybersecurity threats that exploit Cloud Office 365 logs. As businesses increasingly adopt cloud-based productivity tools like Microsoft Office 365, the need for robust security measures to safeguard sensitive data and communications becomes paramount.
Included alerts
SecOpsO365BruteForce
SecOpsO365PhishAttempt
SecOpsO365UserPasswordReset
SecOpsO365UserPasswordChange
SecOpsO365PowerShellActivity
SecOpsO365SusMailboxDelegation
SecOpsO365DisableMFA
SecOpsO365NewFederatedDomain
SecOpsO365MailboxAuditBypass
SecOpsO365AddedServicePrincipal
SecOpsO365BypassMFAviaIP
SecOpsO365ExcessiveAuthFailureAttempts
SecOpsO365ExcessiveSSOLoginFailures
SecOpsO365PSTExportAlert.json
SecOpsO365SuspiciousAdminEmailForwarding
SecOpsO365PSTExportAlert
SecOpsO365ImpossibleTravel
SecOpsActivityAnonymousIPAddressesO365
SecOpsDataExfiltrationToUnsanctionedAppsO365
SecOpsGroupMembershipModifiedO365
SecOpsCloudDiscoveryAnomalyDetectionO365
SecOpsImpossibleTravelO365
SecOpsCDIocIpSuspiciousO365Data
Prerequisites
To use this alert pack, you must have the following data sources available on your domain:
cloud.office365
Open alert pack
Once you have installed the desired alerts individually, you can use the Open button at the top right of the card in Exchange to access the Alert configuration, where you can apply filters to find them and later manage them as required. You can also access this area via the Navigation pane (Administration → Alert Configuration → Available alerts).
Use alert pack
The alerts installed are deactivated by default. Access the Alert configuration area to activate those you need and assign sending policies to receive them through the desired channels.