How to collect data from the Office 365 application

This page describes how to collect events from the Office 365 data source.

You must be logged in to the CYBERQUEST web interface with a user with administrative rights.

Navigate to "Settings > Management > Data Source Manager".

This page contains all the data sources added in the CYBERQUEST application.

Complete the form

Press the "Add data-source" button and complete the following form:

DataSource Type: Select one of the three Office365 data sources: "CQApi / Office365 AzureActiveDirectory ( LogName: Office365 AzureActiveDirectory )", "CQApi / Office365 Exchange ( LogName: Office365 Exchange )" or "CQApi / Office365 Sharepoint ( LogName: Office365 Sharepoint )";

Query Interval: The interval at which the query is executed. It is filled in automatically to run every 60 seconds;

Credentials to use: Select the appropriate credentials from the drop-down list;

Tag: This field is filled in automatically, but you can change the information;

Administrative Notes: You can add information about the added data source;

Annonymize Fields: You can select certain information to be anonymized. You can select one or more options;

Script: Complete the following fields in the script:

-tenant_id: "Directory (tenant) ID",
-client_id: "Application (client) ID",
-client_secret: "Client Secrets / secret key"
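
A pre-flight check for the three script values, added here as an example (it is not part of CYBERQUEST or its documentation). It assumes the values are held in a Python dict, that both IDs are GUIDs as shown on an Azure app registration, and that the secret's Value, not its GUID-shaped Secret ID, belongs in client_secret; `check_script_fields` is a hypothetical helper name.

```python
import re

# Canonical GUID form used for tenant and application IDs.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# The placeholder labels shown in the script template on this page.
PLACEHOLDERS = {"Directory (tenant) ID", "Application (client) ID",
                "Client Secrets / secret key"}


def check_script_fields(fields):
    """Return a list of problems found in the three script fields (empty = OK)."""
    problems = []
    for name in ("tenant_id", "client_id", "client_secret"):
        value = fields.get(name)
        if not value:
            problems.append(f"{name}: missing or empty")
        elif value in PLACEHOLDERS:
            problems.append(f"{name}: template placeholder was not replaced")
        elif value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    if problems:
        return problems  # format checks below need all three values present
    for name in ("tenant_id", "client_id"):
        if not GUID_RE.match(fields[name]):
            problems.append(f"{name}: not a GUID")
    if fields["tenant_id"].lower() == fields["client_id"].lower():
        problems.append("client_id: identical to tenant_id")
    # The portal lists a secret's Value next to its Secret ID (a GUID);
    # only the Value works as client_secret.
    if GUID_RE.match(fields["client_secret"]):
        problems.append("client_secret: looks like the Secret ID, not the secret Value")
    return problems


# Constructed sample values, not real identifiers.
SAMPLE_OK = {
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed-sample-secret-value",
}

if __name__ == "__main__":
    print(check_script_fields(SAMPLE_OK) or "script fields look well-formed")
```

The function reports only field names and problem descriptions, never the values, so its output can be pasted into a ticket without exposing the secret.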

Click the "Save" button to save the data source.

Assign the CYBERQUEST agent

The next step is to assign the CYBERQUEST agent to this data source. Press the drop-down list and choose the agent.

Action menu

To edit a data source's information, press the "Edit" button. This process is almost identical to adding a data source.

Bulk Clone: Clone the current data source settings for each element of the field “Bulk Clone”.

Clone: Clone the data source.

You can also delete the data source by pressing the "Delete" button. To delete a data source, you must first remove the Agent from the data source.