M365 Content Package
Common Microsoft suite data sources (e.g. AAD, Office 365, MTP solutions).
For a quickstart guide on how to enable Data Connectors / Analytics Rules / Workbooks, click here.
Connectors
- Azure Active Directory Identity Protection
- Azure Advanced Threat Protection
- Azure Information Protection
- Microsoft Cloud App Security
- Microsoft Defender Advanced Threat Protection
- Office 365
- Azure Active Directory
Analytics
- Advanced Multistage Attack Detection
- Known Phosphorus group domains/IP
- Known IRIDIUM IP
- Known Manganese IP and UserAgent activity
- Mail redirect via ExO transport rule
- SharePointFileOperation via previously unseen IPs
- Multiple users email forwarded to same destination
- Malicious Inbox Rule
- Exchange AuditLog disabled
- Anomalous sign-in location by user account and authenticating application
- Suspicious application consent similar to PwnAuth
- Distributed Password cracking attempts in AzureAD
- Sign-ins from IPs that attempt sign-ins to disabled accounts
Workbooks
- Security Operations Efficiency
- Exchange Online
- Office 365
- Azure AD Audit, Activity and Sign-in logs