Looking for any solution to import M365 unified audit logs from Graph API into sof-elk instance

bOt@zerobytes.monsterM to cybersecurity@zerobytes.monster · 9 hours ago

The original post: /r/cybersecurity by /u/xxsmudgexx25 on 2025-02-21 18:57:34.

As far as I am aware, the current API used by many to pull unified audit logs is going away this March, leaving us all with Graph. For the current API, I can download them and shove them into sof-elk no problem. The format used for the Graph UALs however do not import correctly into sof-elk. I’m looking to see if anyone else has ran into this issue and has a solution for it. I tried looking through their github but it hasn’t been much help. This is for a consultant type position where we pull logs for a different client everytime.

Edit: I also use invictus’s Microsoft extractor suite to pull logs.

You must log in or register to comment.

Chat

cybersecurity@zerobytes.monster

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersecurity@zerobytes.monster

Community locked: only moderators can create posts. You can still comment on posts.

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
2 users / week
2 users / month
4 users / 6 months
1 local subscriber
11 subscribers
2.5K Posts
1 Comment
Modlog

mods:
bOt@zerobytes.monster