mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-06 08:13:32 +01:00
49 lines
1.5 KiB
Plaintext
49 lines
1.5 KiB
Plaintext
# Module: o365
|
|
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-o365.html
|
|
|
|
- module: o365
|
|
audit:
|
|
enabled: true
|
|
|
|
# Set the application_id (also known as client ID):
|
|
var.application_id: "<MyApplicationID>"
|
|
|
|
# Configure the tenants to monitor:
|
|
# Use the tenant ID (also known as directory ID) and the domain name.
|
|
# var.tenants:
|
|
# - id: "tenant_id_1"
|
|
# name: "mydomain.onmicrosoft.com"
|
|
# - id: "tenant_id_2"
|
|
# name: "mycompany.com"
|
|
var.tenants:
|
|
- id: "<MyTenantID>"
|
|
name: "mytenant.onmicrosoft.com"
|
|
|
|
# List of content-types to fetch. By default all known content-types
|
|
# are retrieved:
|
|
# var.content_type:
|
|
# - "Audit.AzureActiveDirectory"
|
|
# - "Audit.Exchange"
|
|
# - "Audit.SharePoint"
|
|
# - "Audit.General"
|
|
# - "DLP.All"
|
|
|
|
# Use the following settings to enable certificate-based authentication:
|
|
# var.certificate: "/path/to/certificate.pem"
|
|
# var.key: "/path/to/private_key.pem"
|
|
# var.key_passphrase: "myPrivateKeyPassword"
|
|
|
|
# Client-secret based authentication:
|
|
# Comment the following line if using certificate authentication.
|
|
var.client_secret: "<YourClientSecretHere>"
|
|
|
|
# Advanced settings, use with care:
|
|
# var.api:
|
|
# # Settings for custom endpoints:
|
|
# authentication_endpoint: "https://login.microsoftonline.us/"
|
|
# resource: "https://manage.office365.us"
|
|
#
|
|
# max_retention: 168h
|
|
# max_requests_per_minute: 2000
|
|
# poll_interval: 3m
|