Educause Security Discussion mailing list archives
Re: [External] [SECURITY] Data Loss Prevention and Microsoft API SIEM Integration
From: "Seth A. Shestack" <shestack () TEMPLE EDU>
Date: Wed, 17 Feb 2021 19:58:26 +0000
We are just starting to experiment with DLP; however, we have been using the O365 Management API into our LR SIEM for quite a while. We get Phishing reports, OneDrive reports (other than DLP), Threat Messages. Once we turn on DLP (we have one rule in alert mode) we are told we will get those as well.
From our perspective it works well.
Seth

Seth Shestack
Deputy CISO
Executive Director, Information Security and Privacy
Temple University
1805 N 19th st Rm 762
Philadelphia Pa 19122
215-204-5884
Shestack () temple edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Wednesday, February 17, 2021 2:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Data Loss Prevention and Microsoft API SIEM Integration

We are working through some issues with our deployment of Microsoft DLP and the ability to get actionable reports from their Security and Compliance center. On a recent call with Microsoft, one of the engineers suggested that we look into the Office 365 Management Activity API and integrate it with our LogRhythm SIEM. Looking for information if anyone uses this API for DLP and what sort of actionable alerts they might be seeing out of it.

Thanks in advance.

On it alert test mo

Jim

James Pardonek, MS, CISSP, CEH, GSNA
Associate Director
Chief Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
*: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Data Loss Prevention and Microsoft API SIEM Integration Pardonek, Jim (Feb 17)
- Re: [External] [SECURITY] Data Loss Prevention and Microsoft API SIEM Integration Seth A. Shestack (Feb 17)