Microsoft Security Modules

Let’s face it – Microsoft has a tendency to make documentation and, more specifically, documentation around log flow a bit vague. It took our research team time to figure out how logs flow from their products to servers on a network.

We want to save our customers time by showing you which Blumira data processing modules you’ll need for your specific Microsoft product. You may notice the same data types under more than one module. This is because we’ve built our modules to be robust when it comes to log forms. In these cases you can use either module without any impact, unless otherwise specified.

Microsoft Cloud Security Module

Microsoft Cloud App Security is a multimode cloud access security broker (CASB). It provides visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft cloud services.

Blumira integrates with Microsoft Cloud App Security to stream Microsoft cloud security event logs and alerts to the Blumira service for threat detection and actionable response.

Logs that pass through this module:

  • Office 365 ATP
  • MS Cloud Application Security (typically O365)

Learn how to set up Blumira’s integration with Microsoft Cloud App Security.

Azure Event Hub Module

Microsoft Event Hub is a real-time logging and data ingestion service with integration across the Microsoft Azure platform.

Blumira integrates with Microsoft Azure Event Hub to stream Azure cloud security event logs and alerts to the Blumira service for threat detection, alerting and actionable response.

Logs that pass through this module:

  • Azure Monitor
  • Azure AD
  • Azure Defender
  • Azure ATP
  • Azure Security Center and Audit

Learn how to set up Blumira’s integration with Azure Event Hub.

Office 365 Module

Email services and productivity tools such as Microsoft Office 365 are often targeted, both because of the amount of sensitive information stored in these systems and because they can be a gateway to other systems through password resets using email.

Blumira integrates with the Microsoft Office 365 productivity suite to stream Office 365 security events, logs, and alerts to the Blumira service, where we apply threat intelligence to automatically detect suspected threats and deliver an actionable response.

Logs that pass through this module:

  • Office 365 ATP
  • Azure AD Tenants (with Office 365 product)
  • Office 365 Audit Logs

Learn how to set up Blumira’s integration with Office 365.