In 2018, several REN-ISAC member representatives and staff began collaborating to create resources for institutions that manage an Office 365 instance. The team outlined the following goals:
- Describe what O365 logs are available per common EDU license types
- Describe how and with what tools the logs can be accessed
- Describe how the logs may be exported to external tools (e.g. SIEM)
- Provide scripts that retrieve log information for specific investigative actions
- Nurture community-of-practice contributions to sustain and increase the value of this open resource
Utilizing GitHub, the continuing results of this collaboration are available to everyone, and everyone is welcome to contribute their own resources. To learn more about making a PUBLIC contribution, visit the project's GitHub contributions page. If the content you are interested in contributing should be for REN-ISAC members only, contact soc@ren-isac.net for assistance.