Re: Splunk to pull data from office 365 one drive

lmatilla · ‎03-15-2017

I have been figuring a way to pull data from Office 365 One Drive storage. The dump data that needs to be indexed are stored in one drive. I've installed the Microsoft Cloud Services add-on but need help in connecting. Am I in the right path? Thanks!

jconger · ‎05-14-2018

The Splunk Add-on for Microsoft Cloud Services will pull activity data for OneDrive - things like file operations, user activity, file information, etc. The add-on does not index data that resides in OneDrive though. Can you dump the data to an Azure Storage account blob or file share? The add-on can index data from a blob or table. You could mount a file share to index data as well.

fahmed11 · ‎03-27-2019

Can you point me to documentation which shows that this add-on pulls OneDrive and other O365 application activity logs? So far it looks like O365 management api data, which doesn't contain user activity information.

jkat54 · ‎05-12-2018

I don’t think the ms cloud services app pulls from OneDrive. Looks like you’ll have to script your own input:

https://docs.microsoft.com/en-us/onedrive/developer/

adonio · ‎05-13-2017

kindly read the documentation, very detailed step by step explanation. start here:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/About
installation:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Installationsteps
configuration start here and keeps on going for several pages:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/ConfigureappinAzureAD
hope it helps

Splunk to pull data from office 365 one drive

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...