Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.
Common security use cases for Microsoft365 Logs with Panther include:
- Monitor for potential security issues or suspicious activity in your account
- Monitor administrative actions
- Easily query user actions
How it works
Integration is fast and simple!
- Create a new Application in Azure AD and provide the app credentials to Panther (see instructions in the docs)
- Panther will parse, normalize, and analyze your log data in real time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer
- Sit back and monitor your activity!
You can find detailed instructions on how to set up this integration here. Note: Microsoft will make log events available 12 hours after the source is created on Panther.