Educause Security Discussion mailing list archives

Re: O365 Unified Activity Logs into Splunk


From: "Ullman, Catherine" <cende () BUFFALO EDU>
Date: Sat, 14 Nov 2020 03:01:46 +0000

My apologies - a coworker informed me that I may have the name wrong - Unified Audit Logs are what we want to ingest in 
Splunk if possible.

Anyone?  Bueller?

Thanks!

From: Ullman, Catherine
Sent: Friday, November 13, 2020 9:38 AM
To: 'The EDUCAUSE Security Community Group Listserv' <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: O365 Unified Activity Logs into Splunk

Good morning!

We are working towards moving into O365 and ideally would like to push the Unified Activity Logs into Splunk, but we 
don't have a sense of how big those logs typically are.  Is anyone out there doing it?  If so, how large is your user 
base and how large are your subsequent logs from O365?

Thanks in advance for any assistance.

Best,
Cathy

Dr. Catherine J Ullman
Senior Information Security Forensic Analyst
Information Security Office
University at Buffalo
cende () buffalo edu

