• Posts

  • Joined

  • Last visited


0 Neutral

About joedalton

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi Mike, The customer wants the O365 Audit logs monitored and a report to be submitted daily. What we currently have now is a powershell script that pulls out a csv with relevant security events. We then present a daily report based on these events. It is a bit labor intensive and I think we can use LM to automate it. I'm trying to develop a PS script to embed in a datasource to search this audit log at set intervals. If I can have LM pull these events in (not too worried about the alerting for now) I can then create a dashboard & reports. When you say test on my account, do you mean the O365 a/c? I dont have anything in LM yet as I'm still cooking a PS script to do what I need. This is what I am currently using to pull events for the previous 24 hours. $CreateEXOPSSession = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName . "$CreateEXOPSSession\CreateExoPSSession.ps1" Connect-EXOPSSession -UserPrincipalName #Output files directory $outputFile = "C:\Users\john.doe\Desktop\AuditRecords.csv" # Set Dates $StartDate = (Get-Date).AddDays(-1) $EndDate = (Get-Date) $AlertOperations = @('FileDeletedFirstStageRecycleBin','FileDeletedSecondStageRecycleBin',...............................................LOTS MORE!!!!) Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations $AlertOperations -ResultSize 5000|epcsv $outputFile -NoTypeInformation -Append EXIT
  2. Hi Mike, Thanks for the offer of a meeting. I found a workaround which was to manually import the XML files. Its working away and datasources are pulling in the data. Would you happen to know if anyone in the community has done anything on monitoring/alerting on security in O365? BTW- the datasources are great and I definitely will have a use for them on first view. Joe
  3. I have a customer who has a requirement to monitor and alert on security in O365. I'm wondering if anyone has had a look at this or has any advise on how to approach that with LM? Perhaps someone on the community has developed a datasource? Any help much appreciated
  4. Hi Mike I've been looking at testing this out but continually getting API response of 1041. The properties get populated for the device but the datasources dont. Any ideas what would be causing that? Thanks [05/23/2019 11:45:36] API call: [05/23/2019 11:45:36] Response code is 200 [05/23/2019 11:45:36] Deploying tokens of target app [05/23/2019 11:45:36] Generating Oauth Form [05/23/2019 11:46:19] Requesting Office 365 tokens [05/23/2019 11:46:20] Response: Token type: Bearer; Scope: ServiceHealth.Read; Expires in: 3600; Resource: [05/23/2019 11:46:20] Requesting Graph API tokens [05/23/2019 11:46:20] Response: Token type: Bearer; Scope: Reports.Read.All; Expires in: 3599; Resource: [05/23/2019 11:46:20] Updating device properties, device id is 383 [05/23/2019 11:46:20] API call: [05/23/2019 11:46:20] Response code is 200 [05/23/2019 11:46:20] Importing Office 365 datasource template. [05/23/2019 11:46:20] Importing DataSource. [05/23/2019 11:46:20] API call: [05/23/2019 11:46:20] Response code is 1041 ...................... all imports give 1041
  5. Thanks very much Kerry. That opened up a world of possibilities and certainly does fulfill the requirement.
  6. I have a requirement to automate reporting which is straightforward. However I also have a requirement to have the report include our company logo and use formatting of our choosing. The idea would be to have these reports automatically generated and delivered to customers without manual intervention. Hopefully this is a feature which I have yet to discover and if anyone has cracked it I would love to know the process.