Educause Security Discussion mailing list archives
Re: O365 Unified Activity Logs into Splunk
From: "Ullman, Catherine" <cende () BUFFALO EDU>
Date: Sat, 14 Nov 2020 03:01:46 +0000

My apologies - a coworker informed me that I may have the name wrong - Unified Audit Logs are what we want to ingest in Splunk if possible. Anyone? Bueller?

Thanks!

From: Ullman, Catherine
Sent: Friday, November 13, 2020 9:38 AM
To: 'The EDUCAUSE Security Community Group Listserv' <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: O365 Unified Activity Logs into Splunk

Good morning!

We are working towards moving into O365 and ideally would like to push the Unified Activity Logs into Splunk, but we don't have a sense of how big those logs typically are. Is anyone out there doing it? If so, how large is your user base and how large are your subsequent logs from O365?

Thanks in advance for any assistance.

Best,
Cathy

Dr. Catherine J Ullman
Senior Information Security Forensic Analyst
Information Security Office
University at Buffalo
cende () buffalo edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community