O365 Pre-Requirements

To download logs from the O365 tenant, you must:

  • Generate the appropriate O365 credentials: tenant, client_id, client_secret. You can check the appropriate Microsoft documentation
  • Enable the correct permissions on the O365 tenant; you can consult the appropriate Microsoft documentation
  • Make sure that the SGBox Appliance can communicate with these addresses:
    • https://login.windows.net/
    • https://manage.office.com/api/v1.0/
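
A pre-flight check for the prerequisites above, as an added example that is not part of SGBox or of this page: it requests a token from the first address with the three credentials, then lists the tenant's activity-feed subscriptions on the second. It assumes "tenant" is the directory (tenant) ID, uses the client-credentials token call and subscription-list operation of Microsoft's Office 365 Management Activity API, and the `O365_*` environment variable names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

LOGIN = "https://login.windows.net"          # first address listed above
API = "https://manage.office.com/api/v1.0"   # second address listed above

def token_request(tenant, client_id, client_secret):
    """Build the OAuth2 client-credentials request for the Management API."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "resource": "https://manage.office.com",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(f"{LOGIN}/{tenant}/oauth2/token", data=body)

def subscriptions_request(tenant, token):
    """Build the call that lists the tenant's activity-feed subscriptions."""
    url = f"{API}/{tenant}/activity/feed/subscriptions/list"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def enabled_content_types(subscriptions):
    """Return the content types whose subscription status is 'enabled'."""
    return sorted(s["contentType"] for s in subscriptions
                  if s.get("status", "").lower() == "enabled")

def preflight(tenant, client_id, client_secret, fetch=None):
    """Return (True, enabled types) or (False, reason); fetch is injectable."""
    fetch = fetch or (lambda req: json.load(urllib.request.urlopen(req, timeout=15)))
    try:
        token = fetch(token_request(tenant, client_id, client_secret))["access_token"]
        subs = fetch(subscriptions_request(tenant, token))
    except urllib.error.HTTPError as e:   # rejected credentials or missing permission
        return False, f"HTTP {e.code} {e.reason}"
    except (urllib.error.URLError, KeyError) as e:  # unreachable, or no token issued
        return False, f"{type(e).__name__}: {e}"
    return True, enabled_content_types(subs)

if __name__ == "__main__":
    # Values come from the environment so the secret is not passed on the command line.
    names = ("O365_TENANT", "O365_CLIENT_ID", "O365_CLIENT_SECRET")
    creds = [os.environ.get(n, "") for n in names]
    print(preflight(*creds) if all(creds) else "set " + ", ".join(names))
```

A result of `(True, [])` means the credentials and permissions work but no subscription is enabled yet; a `False` result names the failing step's HTTP status or network error.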

Add Custom Host

You must add a Host so that the logs are written to the Appliance.
To achieve this:

  • Go to SCM -> Network -> Host
  • Click the “New Host” button at the bottom
  • Insert “Office365” in the Host field and Save the new host

O365 PB Package Installation

To install the Playbook you must:

  1. Go to SCM -> Applications -> Packages and download the package named “Logs from Office 365”

O365 PB Configurations

To configure the Playbooks you must:

  1. In the “[OFFICE 365] Settings and starter” PB (ID: 10018), set:
    1. In the first node “Office 365”: fill in the “tenant”, “client_id”, “client_secret”
    2. In the second node “Logs enabled”: fill with the string “enabled” every flow you want to enable


  2. On every PB Subflow, in the last node “Write log page”, set the field “Host” to the host that will write the logs in SGBox
  3. Schedule the “[OFFICE 365] Settings and starter” PB with the 🕓 icon and set an appropriate time range (not less than 5 minutes)

Install Office365 Pattern Package

To parse the received logs correctly, you must install the “Office365” package. In the Host selection, add the previously created “Office365” host.

Activate Office 365 Playbooks

Verify the Mapping Host Is Inserted Correctly

To be sure that the events will be parsed correctly, go to Configuration -> Mapping, modify the Office365 Mapping and insert the created Host in the first popup.

O365 PB Reset

In some cases (for example, if the connection to SGBox has been missing for more than 7 days) you may need to reset the playbook. In this case you must reinstall the package via SCM -> Applications -> Packages and select the ▶ icon. Then follow the steps to reconfigure the playbooks.