IBM Security QRadar

 View Only
  • 1.  How to get Office 365 events in to Qradar.

    Posted Mon February 01, 2021 10:47 AM
    Hi All,

    We have a requirement where we need to integrate Office 365 with IBM Qradar. Basically we need below alert in Qradar,

    Could you all help in this, How can we accomplish this. 



    Regards
    Asif Siddiqui

    ------------------------------
    Asif Siddiqui Senior Security Analyst
    ------------------------------


  • 2.  RE: How to get Office 365 events in to Qradar.

    IBM Champion
    Posted Fri February 19, 2021 12:12 PM
    Asif,
    pls check https://community.ibm.com/community/user/security/blogs/wendy-willner/2021/02/04/qradarmicrosoft-office-365-integration-update
    BR
    Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------



  • 3.  RE: How to get Office 365 events in to Qradar.

    IBM Champion
    Posted Mon February 22, 2021 08:12 AM
    Hi Asif,

    consider, that you may need the O365 E5 Subscription to be able to integerate. With E5 you should be able to configure in the Azure Active Directory Admin Center the prerequisits and necessary account details. You'll need those informations to configure the requested parameters in the qradar logsource described for the log source in the qradar dsm guide.

    Regards,
    Ralph

    ------------------------------
    Ralph Belfiore
    IT Security Senior Consulting
    pro4bizz GmbH
    Karlsruhe
    +49 721 90981720
    ------------------------------