Microsoft Office 365 Data
App Installation
| App | Search Head | Indexer | Heavy Forwarder | UF / Deployment Server | Additional Details |
|---|---|---|---|---|---|
| Splunk Add-on for Microsoft Office 365 | Required | - | Required | - | Installation and Configuration Guide |
Important inputs to configure (if an input has a “Content Type” dropdown, create one input for each Content Type):
- Management Activity - Audit.AzureActiveDirectory, Audit.Exchange, Audit.SharePoint, Audit.General, DLP.All
- Message Trace
- Service Health & Communications - Service Health
- Audit Logs
Note: Create an index named o365, or update the cs_o365 macro definition from the Cyences app configuration page (Cyences Settings > Cyences App Configuration > Products Setup).
Estimated Data Size
TODO