Office 365 Activity Logs

Any good debugging steps for the O365 activity log source. We set it up correctly could validate the tokens but even with a poll intervall of 1 Min I am not getting any data nor any logs. Would appreciate any debugging steps to help me understand the mess I created.

1 UpGoat

You have to create an app in O365. The app has to have appropriate read permissions to the activity logs, then you have to have a source that is enabled.

After you set up the App in O365 you have to send a curl command to start your O365 Content Subscription. (This is a 2 step process). Once you get a working app, with appropriate permissions and a content subscription activated you should be able to make api calls

The steps to complete the setup can be found here: Office 365 Activity | Cribl Docs

1 UpGoat