Cannot connect with Office 365


Aung Pyae

Dec 3, 2021, 2:58:01 AM
to Wazuh mailing list
Hello,

But I run the script with the correct credentials and it shows:

Command:
sudo ./office_365.py --contentType DLP.All Audit.General Audit.AzureActiveDirectory --hours 24 --tenantId a1d4d25d-3f7a-4c04-8d08-489886ddb61f --clientId 065edadc-3b7b-4e4a-aee0-820e0cfe9faf --clientSecret KWZ7Q~IpNm8U_5TMtM3217Pyh7aCRUiWK23hh

Error message as below:

2021-12-03 : [INFO] Microsoft token was successfully fetched.
2021-12-03 : [ERROR] Error while retrieving Office 365 activity logs: ('Request ', 'POST', ' ', 'https://manage.office.com/api/v1.0/065edadc-3b7b-4e4a-aee0-820e0cfe9faf/activity/feed/subscriptions/start?contentType=Audit.AzureActiveDirectory', ' failed with ', 401, ' - ', '{"error":{"code":"AF10001","message":"The permission set () sent in the request does not include the expected permission."}}').



Correct Tenant ID, Secrets.
And I call my API from the browser and it is showing:

{"Message":"No HTTP resource was found that matches the request URI 'https://manage.office.com/api/v1.0/MyAPINUMBERS '.","MessageDetail":"No type was found that matches the controller named 'v1.0'."}

Kindly advise. 
Thanks


Federico Rodriguez

Dec 3, 2021, 9:17:16 AM
to Wazuh mailing list
Hi!
In case you already set the Application Permissions specified in:
https://wazuh.com/uploads/2020/03/4-azure-wazuh-app-configure-permissions.png
the error '{"error":{"code":"AF10001","message":"The permission set () sent in the request does not include the expected permission."}}' may be related to not having the proper Microsoft Azure Active Directory licensing to pull event information through the Office 365 Management API. Could you please specify if this is the case of a free license?
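
Added example, not part of the thread and not Wazuh's code: a diagnostic that decodes the access token and reports which application roles are missing for the content types passed to the script. It assumes the empty parentheses in AF10001 reflect the token's `roles` claim and that the role names are `ActivityFeed.Read` and `ActivityFeed.ReadDlp`; `constructed_token` is a hypothetical helper that builds sample input.

```python
import base64
import json

# Assumption (not stated in the thread): application permission each content
# type needs on the "Office 365 Management APIs" resource.
REQUIRED_ROLE = {
    "Audit.AzureActiveDirectory": "ActivityFeed.Read",
    "Audit.General": "ActivityFeed.Read",
    "DLP.All": "ActivityFeed.ReadDlp",
}


def jwt_claims(token):
    """Decode a JWT payload for diagnosis only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(token, content_types):
    """Map each requested content type to the role the token lacks."""
    granted = set(jwt_claims(token).get("roles", []))  # absent claim -> empty set
    return {ct: REQUIRED_ROLE[ct] for ct in content_types
            if REQUIRED_ROLE[ct] not in granted}


def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    wanted = ["DLP.All", "Audit.General", "Audit.AzureActiveDirectory"]
    no_consent = constructed_token({"aud": "https://manage.office.com"})
    print(missing_roles(no_consent, wanted))
```

A token with no `roles` claim usually means the permissions were added to the app registration but admin consent was never granted for them.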

Aung Pyae

Dec 4, 2021, 3:27:43 AM
to Federico Rodriguez, Wazuh mailing list
Hello Federico,

Thanks, this issue is solved. My bad.
Kindly guide me on the rule set which I followed from the above blog - https://wazuh.com/blog/monitor-office-365-with-wazuh/

Where can I put the rules file?
I put it together with local_rules.xml or inside the local_rules.xml file, but this is not working. Is it the correct place?
Or where should I create the rules?

Thanks & Regards,



Federico Pacher

Dec 14, 2021, 1:53:55 PM
to Wazuh mailing list
Hi,

We use local_decoder.xml and local_rules.xml to implement small changes. For larger-scale changes/additions to the stock decoders and rules, we recommend you create a new decoder and/or rule file.

In this link, you will find an example of how to create a custom rule and decoder. 

If you still cannot see alerts, check (and share) if there are any errors in the ossec.log.

egrep -i "ERROR|WARNING|CRITICAL" /var/ossec/logs/ossec.log

I hope this helps,
Regards

pulasthi batuwita

Jan 7, 2022, 2:10:11 AM
to Wazuh mailing list
Dear Aungp,

Appreciate if you can explain/tell the way you fixed the above error, because I am also getting the same error.

Thank you
