Source types for the Splunk Add-on for Microsoft Office 365
The Splunk Add-on for Microsoft Office 365 provides the index-time and search-time knowledge for audit, service status, and service message events in the following formats.
Source type | Dataset_Name | Description | CIM data models |
---|---|---|---|
o365:cas:api | n/a | All service policies, alerts and entities visible through the Microsoft cloud application security portal. | n/a |
o365:graph:api | n/a | All audit events and reports visible through the Microsoft Graph API endpoints. This includes all log events and reports visible through the Microsoft Graph API. | n/a |
o365:management:activity | authentication, account_management, data_access, alert, all_changes, data_access, dlp_incidents, email_filtering, | All audit events visible through the Office 365 Management Activity API. | Authentication, Change, Data Access, |
o365:service:healthIssue | n/a | All service status events visible through the Microsoft Graph API for Service health and communications. | n/a |
o365:service:updateMessage | n/a | All service message events visible through the Microsoft Graph API for Service health and communications. | n/a |
o365:reporting:messagetrace | n/a | All Message Trace events visible through the Microsoft Report API endpoints. | |
splunk:ta:o365:log | n/a | All log events generated by the Splunk Add-on for Microsoft Office 365. | n/a |
This documentation applies to the following versions of Splunk® Supported Add-ons: released