Educause Security Discussion mailing list archives

Re: [External] [SECURITY] Data Loss Prevention and Microsoft API SIEM Integration


From: "Seth A. Shestack" <shestack () TEMPLE EDU>
Date: Wed, 17 Feb 2021 19:58:26 +0000

We are just starting to experiment with DLP; however, we have been using the O365 Management API into our LR SIEM for 
quite a while.
We get Phishing reports, OneDrive reports (other than DLP), Threat Messages.
Once we turn on DLP (we have one rule in alert mode) we are told we will get those as well.
From our perspective it works well.

Seth

Seth Shestack
Deputy CISO
Executive Director, Information Security and Privacy
Temple University
1805 N 19th st Rm 762
Philadelphia Pa 19122
215-204-5884
Shestack () temple edu





From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Wednesday, February 17, 2021 2:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Data Loss Prevention and Microsoft API SIEM Integration

We are working through some issues with our deployment of Microsoft DLP and the ability to get actionable reports from 
their Security and Compliance center.  On a recent call with Microsoft, one of the engineers suggested that we look 
into the Office 365 Management Activity API and integrate it with our LogRhythm SIEM.  Looking for information if 
anyone uses this API for DLP and what sort of actionable alerts they might be seeing out of it.

Thanks in advance.
Jim

James Pardonek, MS, CISSP, CEH, GSNA
Associate Director
Chief Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

(773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
