Has anyone tried to onboard OneDrive Logs?
Hillary Masciave
We are following this document,
We have tested bringing in Azure User and Device data in the past with no issue. We are having a problem figuring out the best Collect URL to use. We've tried many different ones. We've tested our URLs to Microsoft's Graph Explorer and we are not receiving the expected output in Cribl. We have also set all the permissions that a Splunk App would require,
Answers
Hey there @Hillary Masciave!
OneDrive (SharePoint Online) logs are available via the Graph API's audit endpoint:
https://graph.microsoft.com/v1.0/auditLogs/signIns
Please keep in mind that the events logged by default are fairly basic. Additional configuration is required to gather all/relevant and useful events, both from Entra (Azure AD) and SharePoint/OneDrive:
Thank you very much @Ron D.! I'll pass this along to the team.
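An added example, not part of the original thread or of Cribl's documentation: it builds a time-windowed collect URL for the Graph endpoint given in the answer and follows Graph's `@odata.nextLink` paging, refusing any link that leaves graph.microsoft.com so a bearer token is never sent elsewhere. The `fetch` callable, the sample pages and the `OneDrive` app name are constructed assumptions.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit, quote

GRAPH_HOST = "graph.microsoft.com"
ENDPOINT = f"https://{GRAPH_HOST}/v1.0/auditLogs/signIns"  # URL from the answer

def build_collect_url(start, end, top=500):
    """Time-windowed collect URL so scheduled runs do not overlap or leave gaps."""
    ts = lambda d: d.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    flt = f"createdDateTime ge {ts(start)} and createdDateTime lt {ts(end)}"
    query = urlencode({"$filter": flt, "$top": top}, safe="$:", quote_via=quote)
    return f"{ENDPOINT}?{query}"

def collect(fetch, url, max_pages=100):
    """Yield every event, following @odata.nextLink until it is absent."""
    for _ in range(max_pages):
        parts = urlsplit(url)
        # Never send the bearer token to a host other than Graph.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to follow link to {parts.hostname!r}")
        page = fetch(url)  # assumed: returns the decoded JSON body for the URL
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")
        if not url:
            return
    raise RuntimeError("page limit reached; narrow the time window")

def onedrive_sign_ins(fetch, url, app="OneDrive"):
    """IDs of sign-in events whose appDisplayName matches (app name is assumed)."""
    return [e["id"] for e in collect(fetch, url) if e.get("appDisplayName") == app]

# Constructed two-page response for offline use; all field values are made up.
START = datetime(2024, 5, 1, tzinfo=timezone.utc)
END = datetime(2024, 5, 1, 1, tzinfo=timezone.utc)
FIRST = build_collect_url(START, END)
NEXT = FIRST + "&$skiptoken=CONSTRUCTED"
PAGES = {
    FIRST: {"value": [{"id": "a1", "appDisplayName": "OneDrive"},
                      {"id": "a2", "appDisplayName": "Azure Portal"}],
            "@odata.nextLink": NEXT},
    NEXT: {"value": [{"id": "a3", "appDisplayName": "OneDrive"}]},
}

if __name__ == "__main__":
    print(FIRST)
    print(onedrive_sign_ins(PAGES.__getitem__, FIRST))
```

Comparing the printed URL against the same request in Graph Explorer is a quick way to see whether a mismatch comes from the URL or from the collector's paging and result handling.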