Platform alert pack: Office 365

Purpose

The Cloud Office 365 Log Threat Detection Suite is a set of alerts designed to identify cybersecurity threats that can be detected from Cloud Office 365 logs. As businesses increasingly adopt cloud-based productivity tools like Microsoft Office 365, robust monitoring to safeguard sensitive data and communications becomes essential.

Included alerts

SecOpsO365BruteForce

SecOpsO365PhishAttempt

SecOpsO365UserPasswordReset

SecOpsO365UserPasswordChange

SecOpsO365PowerShellActivity

SecOpsO365SusMailboxDelegation

SecOpsO365DisableMFA

SecOpsO365NewFederatedDomain

SecOpsO365MailboxAuditBypass

SecOpsO365AddedServicePrincipal

SecOpsO365BypassMFAviaIP

SecOpsO365ExcessiveAuthFailureAttempts

SecOpsO365ExcessiveSSOLoginFailures

SecOpsO365SuspiciousAdminEmailForwarding

SecOpsO365PSTExportAlert

SecOpsO365ImpossibleTravel

SecOpsActivityAnonymousIPAddressesO365

SecOpsDataExfiltrationToUnsanctionedAppsO365

SecOpsGroupMembershipModifiedO365

SecOpsCloudDiscoveryAnomalyDetectionO365

SecOpsImpossibleTravelO365

SecOpsCDIocIpSuspiciousO365Data

Prerequisites

To use this alert pack, you must have the following data sources available on your domain:

  • cloud.office365

Open alert pack

Once you have installed the desired alerts individually, you can use the Open button at the top right of the card in Exchange to access the Alert configuration, where you can apply filters to find them and later manage them as required. You can also access this area via the Navigation pane (Administration → Alert Configuration → Available alerts).

Use alert pack

The alerts installed are deactivated by default. Access the Alert configuration area to activate those you need and assign sending policies to receive them through the desired channels.