Sentinel not ingesting all Office 365 logs from Exchange

Recently starting using Sentinel and we're ingesting Office 365 logs using the Microsoft 365 (formerly, Office 365) version 2.0 connector.

We're getting LOTS of data from Exchange but not all of it. We don't seem to be getting any 'Receive' data which should be logging incoming messages to a user's mailbox.

We can see the 'Create' and 'Send' and many other operations... but nothing related to 'Receive'.

Additionally, on the 'Send' operations, we can't see the To: address of where our user's are sending outbound messages.

Where do I begin troubleshooting this?

0 Replies

Categorizing Microsoft alerts across data sources in Azure Sentinel

by joross on February 11, 2021

16290 Views

9 Likes

4 Replies

Hunting for Barium using Azure Sentinel

by aprakash13 on November 11, 2020

11589 Views

1 Likes

0 Replies

How to Protect Office 365 with Azure Sentinel

by Alp Babayigit on September 11, 2020

35042 Views

5 Likes

0 Replies

Office 365 Email Activity and Data Exfiltration Detection

by Stefan Simon on February 13, 2020

82249 Views

5 Likes

27 Replies

Products (49)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Sentinel not ingesting all Office 365 logs from Exchange

Sentinel not ingesting all Office 365 logs from Exchange