Office 365 App Integration with BDS

Office 365 Integration with Breach Detection Service (Latest Version)

Overview

Office 365 is a critical part of your infrastructure. The Pulse Breach Detection platform provides API-based integration with Office 365 & Azure AD, giving visibility into system changes, file sharing and authentication-related events that are critical for enabling compliance and enhancing your overall cyber security posture.

The integration allows ingestion of the following logs:

· General Audit
· Exchange
· SharePoint
· Azure Active Directory logs

What We Need

 

In order to securely connect the Pulse Breach Detection platform with your Office 365 instance, we will need the following:

1. Azure Tenant (Directory) ID

2. Client (Application) ID

3. Client Secret (Password)

Note: Please log in to the Azure portal with admin privileges to perform the steps below.

Necessary Steps

· Log in to the Azure administrator portal account (https://azure.microsoft.com/en-us/features/azure-portal/)

· Create a new app registration using the steps below

Click on Register an application.

Register the application once the above fields are given proper values. Once the application is created, you will see the information required by the SOC, such as the Application ID and Directory ID.

Click on API permissions, then Add a permission, then select all the Application permissions and Delegated permissions in the Microsoft Office 365 Management API.

Once all the Application and Delegated permissions are added, we need to grant admin consent for the requested permissions.


                 



                 

               




                     

Then we need to generate the client secret. This can be done under Certificates & secrets.

Click on New client secret, give the key a description and select its expiration period. Once the client key is generated, copy it and send it along with the Application ID and Directory ID.

Once all the information is gathered from the Azure portal, please send it to your Customer Success Manager or soc@cyflare.com, or submit it to your project portal.

The 3 items we will need from the client are:

· The Azure Tenant ID (Directory ID)

· Client ID (Application ID)

· Client Secret (Client Password)
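A pre-flight check on the three values before they are handed over, added here as an example (it is not code from Pulse or CyFlare). It catches the Secret ID being copied in place of the secret Value, builds the app-only token request, and reads a returned token's `roles` claim to confirm that the permissions were added and consented. The token endpoint, the `.default` scope and the three role names are Microsoft's for the Office 365 Management APIs and do not appear on this page; the sample IDs and token are constructed.

```python
import base64, json, re, urllib.parse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
RESOURCE = "https://manage.office.com"  # Office 365 Management APIs resource
# Application permissions of that API (Microsoft's names, not listed on this page)
EXPECTED_ROLES = {"ActivityFeed.Read", "ActivityFeed.ReadDlp", "ServiceHealth.Read"}

def check_inputs(tenant_id, client_id, client_secret):
    """Return problems found in the three values copied from the portal."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("tenant (directory) ID is not a GUID")
    if not GUID.match(client_id):
        problems.append("client (application) ID is not a GUID")
    if GUID.match(client_secret):
        # The portal shows a GUID "Secret ID" next to the secret "Value"
        problems.append("client secret is a GUID: Secret ID copied instead of Value?")
    return problems

def token_request(tenant_id, client_id, client_secret):
    """Build (url, form body) for an app-only token request; nothing is sent."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": RESOURCE + "/.default",
    })
    return url, body

def missing_roles(access_token):
    """Roles absent from the token, i.e. permissions not added or not consented.
    Decodes the JWT payload for inspection only; no signature validation."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return EXPECTED_ROLES - set(claims.get("roles", []))

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed, unsigned sample token: only one permission was consented
SAMPLE_TOKEN = ".".join([_seg({"alg": "none"}),
                         _seg({"aud": RESOURCE, "roles": ["ActivityFeed.Read"]}), ""])

if __name__ == "__main__":
    print(check_inputs("11111111-2222-3333-4444-555555555555",
                       "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed~Value.123"))
    print(sorted(missing_roles(SAMPLE_TOKEN)))
```

An empty result from `missing_roles` on a real token means every application permission is present in the token; any name it returns points back to the API permissions and admin consent steps.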

 

 

 


 

 

 

 


