Hardware and software requirements for the Splunk Add-on for Microsoft Office 365
Splunk admin requirements
To install and configure the Splunk Add-on for Microsoft Office 365, you must be a member of the admin
role.
Network configuration requirements
The Splunk Add-on for Microsoft Office 365 makes REST API calls via HTTPS on port 443.
Secure socket layer (SSL) certification configuration requirements
By default, SSL verification is enabled. To configure secure socket layer (SSL) certifications according to the needs of your deployment, perform the following steps:
- Add SSL certificates to the file
cacert.pem
to the following paths: $SPLUNK_HOME/etc/apps/splunk_ta_o365/lib/certifi/cacert.pem
, or$SPLUNK_HOME/etc/apps/splunk_ta_o365/bin/3rdparty/certify/
.$SPLUNK_HOME/lib/python3.7/site-packages/certifi/cacert.pem
- Open the
cacert.pem
file with a text editor. - Add the SSL certificates for your deployment.
- Use the internal certificate for your client machine. If you use a proxy connection, use the same internal certificate as the one on your client machine. The connection will be inspected by your proxy, and the certificate must match your root certificate when making the connection to your server.
- Save your changes.
Microsoft Office 365 requirements
You must have administrator access to the Office 365 Admin Console to configure an application in Azure Active Directory and grant the necessary permissions to send data to the Splunk platform using the Office 365 Management Activity API and Office 365 Service Communication API.
Accessing the optional DLP policy events requires an additional Microsoft Azure Active Directory subscription. Refer to the Microsoft Azure Active Directory documentation for more information.
Azure Government Cloud limitations
The Splunk Add-on for Office 365 has not been tested with Azure Government Cloud. The functionality of the Splunk Add-on for Office 365 responsible for Azure Government Cloud data is not supported and is provided "as is", and should be used at your own risk.
Splunk platform requirements
Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.
- For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
- If you plan to run this add-on entirely in Splunk Cloud, there are no additional Splunk platform requirements.
- If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
Release history for the Splunk Add-on for Microsoft Office 365 | Installation and configuration overview for the Splunk Add-on for Microsoft Office 365 |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!