Document toolboxDocument toolbox

cloud.office365.exchange

Owned by Juan Tomás Alonso Nieto (Deactivated)
Jul 06, 2022
1 min read
[ 1 Introduction ] [ 2 How is the data sent to Devo? ]

Introduction

The tag beginning with cloud.office365.exchange identifies events with workload generated by Microsoft Office 365 (hosted on Azure). The types of events supported are:

  • AirInvestigation

  • AzureActiveDirectory

  • Compliance

  • Endpoint

  • Exchange

  • MCAS

  • MicrosoftFlow

  • MicrosoftForms

  • MicrosoftStream

  • MicrosoftTeams

  • MyAnalytics

  • OneDrive

  • PowerApps

  • PowerBI

  • Quarantine

  • SecurityComplianceCenter

  • SharePoint

  • SkypeForBusiness

  • ThreatIntelligence

  • Yammer

How is the data sent to Devo?

You can forward logs generated by Microsoft Office 365 using any Syslog drain (for example, Syslog-ng).