GitHub Repo

Data Source: O365

Date: 2025-01-23

ID: b32de97d-0074-4cca-853c-db22c392b6c0

Author: Patrick Bareiss, Splunk

Description

Logs management activities in Microsoft 365, including administrative actions, user activities, and configuration changes across various services.

Details

Property Value
Source o365
Sourcetype o365:management:activity
Separator Operation
Name ▲▼ Technique ▲▼ Type ▲▼
O365 Added Service Principal Cloud Account TTP
O365 ApplicationImpersonation Role Assigned Additional Email Delegate Permissions TTP
O365 New Federated Domain Added Cloud Account TTP
O365 PST export alert Email Collection TTP
O365 Service Principal New Client Credentials Additional Cloud Credentials TTP
O365 User Consent Denied for OAuth Application Steal Application Access Token TTP

Supported Apps

Source: GitHub | Version: 2