NOTES FROM THE FIELD:
I have recently been consulting on, what I think is a pretty cool engagement to integrate some Office365 mailbox data into the Splunk reporting platform.
I initially thought about using a .csv export methodology however through trial & error (more error than trial if I’m being honest), and realising that this method still required some manual interaction, I decided to embark on finding a fully automated solution.
The final solution comprises the below components:
- Splunk HTTP event collector
- Splunk hostname
- Token from HTTP event collector config page
- Azure automation account
- Azure Run As Account
- Azure Runbook
- Exchange Online credentials (registered to Azure automation account
I’m not going to run through the creation of the automation account, or required credentials as these had already been created, however there is a great guide to configuring the solution I have used for this customer at https://www.splunk.com/blog/2017/10/05/splunking-microsoft-cloud-data-part-3.html… [Keep reading] “Exchange Online & Splunk – Automating the solution”