Event from Office 365 to Netcool / NOI / Watson AIOps

View Only

Expand all | Collapse all

Event from Office 365 to Netcool / NOI / Watson AIOps

1. Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
IBM TechXchange Speaker

Michael Troitzsch
Posted Fri September 03, 2021 04:50 AM

Reply
Hello,
has anybody already done an integration of Office 365 Events into Netcool with using SCOM ? I know there is a Management Pack for O365 for SCOM - but what if you don't have SCOM ? Any experience in using the Message Bus Probe or so to grab events from Microsoft's Cloud ?!

Thanks,
Michael

------------------------------
Michael Troitzsch
Solution Architect
DICOS GmbH
Darmstadt
------------------------------
2. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
Ricardo Longo
Posted Mon September 06, 2021 11:00 AM

Reply
Hi Michael,

I don't if you already saw this but Message Bus Probe is able to capture events from Azure Monitoring as explained here https://www.ibm.com/docs/en/netcoolomnibus/8?topic=integrations-microsoft-azure-monitoring.

Regards,

------------------------------
Ricardo Longo
IBM
------------------------------

Original Message
3. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
IBM TechXchange Speaker

Michael Troitzsch
Posted Tue September 07, 2021 02:00 AM

Reply
Oi Ricardo,

thanks for pointing this out - I was aware of this very generic description ;). I was rather looking for something more specific wrt Office 365
Perhaps some best practice on configuration at both sides. As often, the technical implementation at the Omnibus side is easy - but what to configure at the sender side ?! What event format to expect ?!

Best Regards,
Michael

------------------------------
Michael Troitzsch
Solution Architect
DICOS GmbH
Darmstadt
------------------------------

Original Message
4. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
john postoyko
Posted Wed September 08, 2021 02:39 AM

Reply
Hi Michael

you said "I was rather looking for something more specific wrt Office 365"

(1) What exactly do you mean by that ? What aspect of Office 365 ,

(2) Does Office 365 provide an API by which what you are looking for in (1) , is obtainable ?

If it does then that will define the event format that is expected

(3) What is limiting the use of SCOM here ?

all the best

John

------------------------------
john postoyko
IBM
London
------------------------------

Original Message
5. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
IBM TechXchange Speaker

Michael Troitzsch
Posted Wed September 08, 2021 02:59 AM

Reply
Hi John,

(1) Basically all I can get. Just as examples: Alerts on virus mails, alerts on incorrectly addressed emails, alerts on Mailbox full, alerts on multiple wrong login attempts,....
(2) This is actually what I'm looking for. The technical aspect of getting the alerts via the MessageBus Probe is not the problem - the question really is what is available using which API:
(3) The installation I'm dealing with doesn't use SCOM.

Generally, I was just looking to see whether there is experience in how to integrate O365 with Netcool. I've to admit that I'm not too familiar with O365 ...

Best Regards,
Michael

------------------------------
Michael Troitzsch
Solution Architect
DICOS GmbH
Darmstadt
------------------------------

Original Message
6. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
john postoyko
Posted Wed September 08, 2021 03:28 AM

Reply
Hi Michael

There used to be a set of REST API's for Office365 - but it looks like they have deprecated them and removing them all together in 2022 in favour of MS Graph

https://docs.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/use-outlook-rest-api

These two links may be of use in seeing what the new system provides

https://github.com/microsoftgraph/security-api-solutions/tree/master/Queries

https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888

------------------------------
john postoyko
IBM
London
------------------------------

Original Message
7. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

0 Like
IBM Champion

Manoj Khabe
Posted Tue September 07, 2021 10:18 AM

Reply
There are various ways to get events from Azure
1. Message bus probe
2. Webhook.
3. Email probe

HTH.

------------------------------
Manoj Khabe
"Sr. Director
Vicom Computer Services
-
------------------------------

Original Message

AIOps

Event from Office 365 to Netcool / NOI / Watson AIOps

Michael TroitzschFri September 03, 2021 04:50 AM

Ricardo LongoMon September 06, 2021 11:00 AM

Michael TroitzschTue September 07, 2021 02:00 AM

john postoykoWed September 08, 2021 02:39 AM

Michael TroitzschWed September 08, 2021 02:59 AM

john postoykoWed September 08, 2021 03:28 AM

Manoj KhabeTue September 07, 2021 10:18 AM

1. Event from Office 365 to Netcool / NOI / Watson AIOps

2. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

3. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

4. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

5. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

6. RE: Event from Office 365 to Netcool / NOI / Watson AIOps

7. RE: Event from Office 365 to Netcool / NOI / Watson AIOps