Announcing Splunk Add-on for Microsoft Cloud Services

I am pleased to announce the availability of Splunk Add-On for Microsoft Cloud Services. Released on April 1st 2016, this add-on which is available on Splunkbase, provides Splunk admins the ability to collect events from various Microsoft Cloud Services APIs. In this first release, this includes:

Admin, user, system, and policy action events from a variety of Office 365 services such as Sharepoint Online and Exchange Online and other services supported by the Office 365 Management API.
Audit logs for Azure Active Directory, supported by the Office 365 Management API.
Current and historical service status, as well as planned maintenance updates for a variety of services supported by the Office 365 Service Communications API.

If you are wondering what use cases could be achieved by ingesting this data into Splunk Enterprise or Splunk Cloud, following is a small sample:

Track all your Sharepoint Online user and admin level activities. Activities include file and folder actions such as view, create, edit, upload, delete and download; that in addition to file sharing and collaboration.
Track Azure AD authentications by users, IPs for all of your Microsoft Cloud apps such as Skype, Yammer, Exchange Online and other Office 365 apps.
Whether it is Skype, Yammer or any other Microsoft cloud service, track the availability and scheduled maintenance windows of these services
Track Exchange online admin and user activities.
Track user adoption by browser and geo locations
This add-on is CIM compatible. This means that by using Splunk Enterprise Security, you can address a myriad of security focused use cases such as improbable access detection (snapshot below):

Office 365 apps access anomaly detection (snapshot below):

Using the prebuilt panels that come with the add-on, you can get a quick start to building out your own dashboards. These are some of panels that are included in this release:

Last but not least, the configuration of this add-on supports OAuth v2 allowing you to run the setup without having to save any Azure credentials on your Splunk instance.Please give Splunk Add-on for Microsoft Cloud Services a try and let us know your feedback.

Happy Splunking!

Style

two-column

Platform

5 Minute Read

Face the Unexpected with the Stability and Resiliency of Splunk Cloud Platform

Splunk's SVP and Chief Product Officer, Garth Fort, dives into why the Splunk Cloud Platform is critical for helping customers drive stability across their ecosystems from a security, infrastructure and application perspective.

Analyzing BotNets with Suricata & Machine Learning

Platform

3 Minute Read

Analyzing BotNets with Suricata & Machine Learning

Suricata open source threat detection engine data & Splunk machine learning toolkit (MLTK) helps intrusion detection and intrusion prevention (inline).

Exploratory Data Analysis for Anomaly Detection

Platform

4 Minute Read

Exploratory Data Analysis for Anomaly Detection

With great choice comes great responsibility. One of the most frequent questions we encounter when speaking about anomaly detection is how do I choose the best approach for identifying anomalies in my data? The simplest answer to this question is one of the dark arts of data science: Exploratory Data Analysis (EDA).

/en_us/blog/fragments/about-splunk

/en_us/blog/fragments/subscribe-footer

Announcing Splunk Add-on for Microsoft Cloud Services

Related Articles

Face the Unexpected with the Stability and Resiliency of Splunk Cloud Platform

Analyzing BotNets with Suricata &amp; Machine Learning

Exploratory Data Analysis for Anomaly Detection

Analyzing BotNets with Suricata & Machine Learning