Forum Discussion
KashifKloudy
Jan 25, 2024 Copper Contributor
Ingesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft Purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find ...
Singh123999
Feb 06, 2024 Copper Contributor
KashifKloudy possibly look into Office 365 Management Activity API schema | Microsoft Learn
- KashifKloudy
Feb 08, 2024 Copper Contributor
Singh123999 thanks for the input.
I explored this option (Office 365 Management Activity API schema | Microsoft Learn); however, we can also use Defender log ingestion to Splunk via the Defender add-on https://apps.splunk.com/app/4959/ since DLP feeds alerts and incidents to the Defender security portal as well. Apart from this, we can also utilize the Graph Security API to ingest feeds to Splunk (https://learn.microsoft.com/en-us/answers/questions/1139341/graph-api-security-get-related-activities-for-a-dl). However, I am not sure which option will be feasible in this case. If you have any inputs on this
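As an added illustration of the first option mentioned in this reply (the Office 365 Management Activity API), here is a small Python module that is not code from this thread, from Microsoft or from Splunk. The subscription and content-list endpoint paths and the `DLP.All` content type are the documented ones; the DLP event is a constructed sample whose field names follow the DLP schema (`PolicyDetails`, `Rules`, `ConditionsMatched`, `ExchangeMetaData`); the Splunk HEC `index` and `sourcetype` names are assumptions. It flattens one `DlpRuleMatch` event into one row per matched rule and wraps the rows as newline-delimited HEC JSON, which is the shape a collector would POST to Splunk.

```python
"""Shape Office 365 Management Activity API DLP.All events for Splunk HEC (added example)."""
import json
from datetime import datetime, timezone

# Documented base URL of the Office 365 Management Activity API.
MANAGE_API = "https://manage.office.com/api/v1.0"


def subscription_start_url(tenant_id: str, content_type: str = "DLP.All") -> str:
    """Endpoint called once per tenant to start the DLP.All subscription."""
    return f"{MANAGE_API}/{tenant_id}/activity/feed/subscriptions/start?contentType={content_type}"


def content_list_url(tenant_id: str, content_type: str = "DLP.All") -> str:
    """Endpoint a collector polls for available content blobs (each blob is a JSON array of events)."""
    return f"{MANAGE_API}/{tenant_id}/activity/feed/subscriptions/content?contentType={content_type}"


def creation_time_to_epoch(creation_time: str) -> int:
    """CreationTime in the feed is UTC without a zone suffix; HEC expects epoch seconds."""
    dt = datetime.strptime(creation_time, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


# Constructed sample event (not real tenant data); field names follow the DLP schema.
SAMPLE_DLP_EVENT = {
    "CreationTime": "2024-01-25T10:15:30",
    "Id": "00000000-0000-0000-0000-000000000001",
    "Operation": "DlpRuleMatch",
    "RecordType": 13,
    "Workload": "Exchange",
    "UserId": "alice@contoso.example",
    "PolicyDetails": [
        {
            "PolicyId": "00000000-0000-0000-0000-0000000000p1",
            "PolicyName": "Credit card numbers",
            "Rules": [
                {
                    "RuleId": "00000000-0000-0000-0000-0000000000r1",
                    "RuleName": "Low volume",
                    "Actions": ["GenerateIncidentReport", "NotifyUser"],
                    "Severity": "Low",
                    "ConditionsMatched": {
                        "SensitiveInformation": [
                            {"SensitiveType": "<sensitive-type-guid-placeholder>", "Count": 2, "Confidence": 85}
                        ]
                    },
                }
            ],
        }
    ],
    "ExchangeMetaData": {
        "From": "alice@contoso.example",
        "To": ["bob@external.example"],
        "Subject": "Invoice",
        "RecipientCount": 1,
    },
}


def flatten_dlp_event(event: dict) -> list[dict]:
    """Emit one flat row per matched rule so policy, rule and severity are directly searchable."""
    rows = []
    # Exchange events carry ExchangeMetaData; SharePoint/OneDrive events carry SharePointMetaData.
    meta = event.get("ExchangeMetaData") or event.get("SharePointMetaData") or {}
    for policy in event.get("PolicyDetails", []):
        for rule in policy.get("Rules", []):
            matched = rule.get("ConditionsMatched", {}).get("SensitiveInformation", [])
            rows.append({
                "time": creation_time_to_epoch(event["CreationTime"]),
                "event_id": event["Id"],
                "operation": event.get("Operation"),
                "workload": event.get("Workload"),
                "user": event.get("UserId"),
                "policy_name": policy.get("PolicyName"),
                "rule_name": rule.get("RuleName"),
                "severity": rule.get("Severity"),
                "actions": ",".join(rule.get("Actions", [])),
                "sensitive_type_count": sum(m.get("Count", 0) for m in matched),
                "recipients": ",".join(meta.get("To", [])),  # empty for SharePoint/OneDrive events
                "subject_or_file": meta.get("Subject") or meta.get("FileName"),
            })
    return rows


def to_hec_payload(rows: list[dict], index: str = "purview_dlp", sourcetype: str = "o365:dlp") -> str:
    """Newline-delimited HEC JSON; HEC accepts many event envelopes in a single POST body."""
    lines = []
    for row in rows:
        envelope = {"time": row["time"], "source": "o365:management-api",
                    "sourcetype": sourcetype, "index": index, "event": row}
        lines.append(json.dumps(envelope, separators=(",", ":")))
    return "\n".join(lines)


if __name__ == "__main__":
    print(subscription_start_url("<tenant-id>"))
    print(to_hec_payload(flatten_dlp_event(SAMPLE_DLP_EVENT)))
```

Flattening per rule matters operationally: a single Purview event can match several policies and rules, and keeping severity and actions at the top level of each Splunk event is what lets an alert search filter on `severity=High` without walking nested JSON.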
- Brad Hayes
Jun 02, 2024 Brass Contributor
Hi KashifKloudy,
I wondered how this was progressing. I am interested in the exact same as you: "push MIP DLP related alerts, incidents and data to Splunk SIEM". I wondered how this has progressed since you last posted; could you share what you did, and what has been successful, please?
Thanks
Brad
- JeffreyWalzer
Jun 24, 2024 Copper Contributor
Would love to know any update on this as well
Thx