ddbnl / Office365 Audit Log Collector
Licence: mit
Collector script for retrieving audit logs from the Office 365 API with file or network/graylog output.
Stars: ✭ 39
Office365 API audit log collector
Subscribe to and collect logs from Office365 auditing APIs (https://msdn.microsoft.com/en-us/office-365/office-365-management-activity-api-reference). Currently has the option to output to a network socket (when using e.g. Graylog) or a file. Feel free to contribute other outputs if you happen to build any. Default behavior is to retrieve logs of the last 24 hours.
Use cases:
- Ad hoc log retrieval;
- Scheduled, regular execution to retrieve the full audit trail.
Features:
- Subscribe to the audit logs of your choice through the subscription script;
- Collect General, Exchange, SharePoint, Azure Active Directory and/or DLP audit logs through the collector script;
- Output to a file or to a Graylog input (i.e. send the logs over a network socket).
Requirements:
- Office365 tenant;
- Azure application created for this script (see instructions);
- Azure AD tenant ID;
- Client key of the new Azure application;
- Secret key (created in the new Azure application, see instructions);
- App permissions to access the APIs for the new Azure application (see instructions);
- Subscription to the APIs of your choice (General/SharePoint/Exchange/AzureAD/DLP; run the AuditLogSubscriber script and follow the instructions).
Instructions:
Creating an application in Azure:
- Create a 'Web app / API' type app by following these instructions: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#adding-an-application
- Grant your new app permissions to read the Office APIs: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications#configure-a-client-application-to-access-web-apis
- Use the 'AuditLogSubscriber' script to subscribe to the audit APIs of your choice;
- You can now run the collector script and retrieve logs.
(optional) Creating a Graylog input
If you are running this script to get audit events in Graylog you will need to create a Graylog input. If not, just skip this.
- Create a 'raw/plaintext TCP' input;
- Enter the IP and port you want to receive the logs on (you can use these in the script);
- All other settings can be left default.
Running the script:
- Retrieve all logs and send to a network socket / Graylog server:
python3 AuditLogCollector.py 'tenant_id' 'client_key' 'secret_key' --exchange --dlp --azure_ad --general --sharepoint -p 'random_publisher_id' -g -gA 10.10.10.1 -gP 6000
Script options:
usage: AuditLogCollector.py [-h] [--general] [--exchange] [--azure_ad]
                            [--sharepoint] [--dlp] [-p publisher_id]
                            [-l log_path] [-f] [-fP file_output_path] [-g]
                            [-gA graylog_address] [-gP graylog_port]
                            tenant_id client_key secret_key
positional arguments:
  tenant_id             Tenant ID of Azure AD
  client_key            Client key of Azure application
  secret_key            Secret key generated by Azure application
optional arguments:
  -h, --help            show this help message and exit
  --general             Retrieve General content
  --exchange            Retrieve Exchange content
  --azure_ad            Retrieve Azure AD content
  --sharepoint          Retrieve SharePoint content
  --dlp                 Retrieve DLP content
  -p publisher_id       Publisher GUID to avoid API throttling
  -l log_path           Path of log file
  -f                    Output to file.
  -fP file_output_path  Path of directory of output files
  -g                    Output to graylog.
  -gA graylog_address   Address of graylog server.
  -gP graylog_port      Port of graylog server.
  -d                    Enable debug logging (large log files and lower performance)
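The retrieval flow the collector performs (24-hour content listing, NextPageUri paging, blob download, newline-delimited JSON to a raw/plaintext TCP input) as an added illustration, not code from the project itself. The tenant ID is a placeholder, `fake_fetch` is a constructed offline stand-in for the authenticated HTTP client, and the sample audit records are constructed.

```python
import json
import socket
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

API_ROOT = "https://manage.office.com/api/v1.0"
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real tenant
DEMO_END = datetime(2021, 6, 2, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock for the demo

def content_listing_url(tenant_id, content_type, end=None, hours=24):
    """Content listing URL for the last `hours` hours (the API caps one query at 24h)."""
    end = end or datetime.now(timezone.utc)
    start = end - timedelta(hours=hours)
    fmt = "%Y-%m-%dT%H:%M:%S"
    query = {"contentType": content_type, "startTime": start.strftime(fmt), "endTime": end.strftime(fmt)}
    return f"{API_ROOT}/{tenant_id}/activity/feed/subscriptions/content?{urlencode(query, safe=':')}"

def collect(fetch, tenant_id, content_type, end=None):
    """Walk the NextPageUri pages of the listing, then download every content blob.
    `fetch(url)` returns (response_headers, parsed_json); a real fetcher would add
    'Authorization: Bearer <token>' from the client-credentials flow (not shown)."""
    url, records = content_listing_url(tenant_id, content_type, end), []
    while url:
        headers, blobs = fetch(url)
        for blob in blobs:
            records.extend(fetch(blob["contentUri"])[1])  # each blob is a JSON array of audit records
        url = headers.get("NextPageUri")
    return records

def to_graylog_lines(records):
    """Newline-delimited JSON, the framing a Graylog raw/plaintext TCP input expects."""
    return "".join(json.dumps(r, separators=(",", ":")) + "\n" for r in records).encode()

def send_to_graylog(payload, address, port):
    with socket.create_connection((address, port), timeout=10) as sock:
        sock.sendall(payload)

# Constructed stand-in for the API: two listing pages with one blob each, fully offline.
def fake_fetch(url):
    if "subscriptions/content" in url:
        page2 = "page=2" in url
        blob = {"contentUri": f"{API_ROOT}/blob/{2 if page2 else 1}", "contentType": "Audit.General"}
        return ({} if page2 else {"NextPageUri": url + "&page=2"}), [blob]
    n = int(url.rsplit("/", 1)[1])
    return {}, [{"Id": f"rec-{n}", "CreationTime": "2021-06-02T11:00:00", "Operation": "FileAccessed",
                 "RecordType": 6, "UserId": "user@example.com", "Workload": "SharePoint"}]

def demo():
    records = collect(fake_fetch, TENANT_ID, "Audit.General", DEMO_END)
    return content_listing_url(TENANT_ID, "Audit.General", DEMO_END), records, to_graylog_lines(records)
```

Swap `fake_fetch` for a real authenticated client and pass the payload to `send_to_graylog` with the address and port of the 'raw/plaintext TCP' input to reproduce the `-g -gA -gP` path.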
Todo:
- Add start and end date parameters for log retrieval.