Office 365 App Integration with BDS

Office 365 Integration with Breach Detection Service (Latest Version)

Overview

Office 365 is a critical part of your infrastructure. The Pulse Breach Detection platform provides API based integration with Office 365 & Azure AD to provide visibility into system changes, file sharing and authentication related events that are critical for enabling compliance and enhancing your overall cyber security posture.

The integration allows ingestion of the following logs:

·         General Audit

·         Exchange

·         SharePoint

·         Azure Active Directory logs

What We Need

 

In order to securely connect the Pulse Breach Detection platform with your office 365 instance we will need the following:

1.    Azure Tenant(Directory) ID: 

2.    Client(Application) ID: 

3.    Client Secret (Password): 

 

Note: Please login into the Azure portal with Admin Privileges to perform the below steps.

Necessary Steps

·         Login in to the Azure Administrator Portal Account( https://azure.microsoft.com/en-us/features/azure-portal/)

·         Create a New App Registration with the below following steps

                 


               







Click on Register an application



                  




Register the application once the above fields are given proper values. Once the application is created you see the below with the required information by the SOC such as the Application ID and Directory ID.

                 

Click on API permissions and then add a permission then select all the Application permissions and Delegated permissions in  the Microsoft Office 365 Management API


                 


                   




                   


                  


          


Once all the Application and Delegated Permissions are added then we need to Grant admin consent for the requested permissions.


                 



                 

               




                     

Then we need to the generate the secrets. This can be generated in certificates and secrets.

Click on New client secret and give it a description for the key and select the expiration period for the Key.  Once the client Key is generated then copy and send the Key along with the Application and Directory ID.

                      




                         

Once all the Information is gathered from the Azure Portal, please send this information to your Customer Success Manager, soc@cyflare.com or submit to your project portal.

The 3 items we will need from the client are: 

·         The Azure Tenant ID(Directory ID)



·         Client ID(Application ID)

·         Client Secret(Client Password). 

 

 

 


 

 

 

 



    • Related Articles

    • AWS Cloudtrail Integration Guide With Breach Detection

      Overview AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS ...
    • 3 1 Breach Detection System Release Notes

        3. Highlights  Amazing new navigation menu and dashboard to match day to day operation workflow and provide intuitive navigation 4 new detections to further enhance cyber safety 5+ new data source capability added to gain even more visibility over ...
    • XDR G SUITE INTEGRATION

         Pre-Requisites: You will need Domain Administrator Privileges to configure the G-Suite Integration within BDS.   Preparation Before configuring G-Suite in data processor, user would need to enable this feature in the google admin dashboard. 1. ...
    • CyFlare Detection List & MITRE ATT&CK Framework Mapping

      Purpose This document identifies the detections that are available to CyFlare clients from the identified managed security services.  Filters & Definitions State - This represents whether the default mode for the detection. It may be On or Off by ...
    • CyFlare SOC In a Box Quick Start Guide

      Deployment Overview Your appliance has been pre-configured based on the information provided at the time of your order for rapid deployment into your environment. The deployment consists of the following high level steps: Configure Firewall Rules ...