Question about the Office 365 audit log integrations


nbent...@gmail.com

Sep 28, 2023, 5:39:42 PM
to Wazuh | Mailing List
We've had Wazuh pulling Office 365 logs for a while now, but last month we updated the list of bad passwords and were wondering how many people we might have tripped up with that change.

We reached into Wazuh only to find out that "Self-service Password Management" wasn't being pulled into Wazuh, only the final change that happened at 6:31:10 AM:


[Attachment: Untitled.png]

Is this a limit of MS Graph or Wazuh? ossec-alerts-28.log doesn't show these events in the orange box.

Diego Ariel Balbuena

Sep 29, 2023, 9:19:28 PM
to Wazuh | Mailing List
Hi nbent...@gmail.com!

The issue you are experiencing with the 'Self-service Password Management' events not being pulled into Wazuh could be due to a limitation in the integration between Wazuh and MS Graph. We recommend checking the configuration settings and permissions for the integration to ensure that the necessary events are being captured. Additionally, it would be helpful to review the logs and documentation for both Wazuh and MS Graph to identify any specific limitations or troubleshooting steps for this scenario. If you require further assistance, please provide more details about your Wazuh and MS Graph configurations.


I hope it helps!
Diego