It’s no surprise that the majority of successful cyber-attacks begin with a simple e-mail. Some statistics show that number as high as 90%. While our clients are always looking for help implementing the latest tool to help mitigate the risk associated with a successful malicious e-mail campaign, we’ve found one simple (and free) technique that is often overlooked: ingesting your O365 logs into your SIEM. This one tweak helps drive greater visibility into your organization’s e-mail activity and can help raise the alarm on phishing campaigns when other tools miss them.
For those that know us, we recommend McAfee’s Enterprise Security Manager. Our team has outlined the simple steps below to help you start getting better visibility into your O365 traffic today. Most issues with the Office 365 and McAfee SIEM integration occur when enabling subscriptions, as there are no GUI toggles to finish the job and enable the event feed subscriptions required to see the events. That’s where our team has done the work for you.
The first link will take you to the product guide that will help begin the process. The second link contains the script which simplifies the process of enabling the event subscriptions. Once you reach step 11 of the product guide, proceed to Github for the script and next steps.
Thanks for reading, feel free to share, and be on the lookout for more #beyondthemanual posts from our ECS team!
By Matt Fuller
Published on July 11, 2018