Microsoft Office 365 is a Web-based version of Microsoft's Office suite of enterprise-grade productivity applications. Office 365 is delivered to users through the cloud and includes Exchange Online for email, SharePoint Online for collaboration, Lync Online for unified communications, and a suite of Office Web Apps (web-based versions of the traditional Microsoft Office suite of applications).
The Office 365 integration consumes activity logs using the Office 365 Management Activity API. The Office 365 Management Activity API aggregates actions and events into tenant-specific content blobs, which are classified by the type and source of the content they contain. Currently, the following content types are supported by this API:
- Audit.General (includes all other workloads not included in the previous content types)
- DLP.All (DLP events only for all workloads)
Please note that only the Common schema and Exchange Mailbox schema is supported by default. All other schemas can be added manually as needed.
Configuration Guide: Microsoft Office 365 Event Source Configuration Guide
Collector Package on RSA Live: "MS Office 365 Log Collector Configuration"
Parser on RSA Live: CEF