SIEM integration with Office 365 Threat Intelligence

If your organization is using a security incident and event management (SIEM) server, you can integrate Office 365 Threat Intelligence with your SIEM server. This enables you to view information, such as malware detected by Office 365 Threat Intelligence, in your SIEM server reports.

Use the Office 365 Management Activity API

To integrate Office 365 Threat Intelligence with your SIEM server, use the Office 365 Management Activity API. This API retrieves information about user, admin, system, and policy actions and events from your organization's Office 365 and Azure AD activity logs.

You must be an Office 365 global administrator or have the security administrator role assigned in the Security & Compliance Center.

See Office 365 Management Activity API reference.
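The following Python sketch is an added example, not Microsoft's code: it shows the polling loop a SIEM connector runs against the Management Activity API, listing `Audit.General` content blobs, following `NextPageUri` pagination, and keeping only Threat Intelligence record types. It assumes an `Audit.General` subscription has already been started and that `http_get` is your own authenticated transport (an Azure AD bearer token in the `Authorization` header); `sample_http_get`, the `TENANT` placeholder, and all sample records are constructed so the block runs offline.

```python
import json
from urllib.parse import urlencode

BASE = "https://manage.office.com/api/v1.0"
# AuditLogRecordType values that carry Threat Intelligence detections
THREAT_RECORD_TYPES = {28: "ThreatIntelligence", 41: "ThreatIntelligenceUrl",
                       47: "ThreatIntelligenceAtpContent"}

def list_content(tenant_id, start, end, http_get):
    """Yield content blob descriptors, following NextPageUri pagination."""
    query = urlencode({"contentType": "Audit.General",
                       "startTime": start, "endTime": end})
    url = f"{BASE}/{tenant_id}/activity/feed/subscriptions/content?{query}"
    while url:
        headers, blobs = http_get(url)
        yield from blobs
        url = headers.get("NextPageUri")  # absent on the last page

def collect_threat_events(tenant_id, start, end, http_get):
    """Fetch every blob, keep threat records, drop duplicates by record Id."""
    seen, events = set(), []
    for blob in list_content(tenant_id, start, end, http_get):
        _, records = http_get(blob["contentUri"])
        for rec in records:
            kind = THREAT_RECORD_TYPES.get(rec.get("RecordType"))
            if kind is None or rec["Id"] in seen:
                continue  # not a threat record, or already forwarded
            seen.add(rec["Id"])
            events.append({"time": rec["CreationTime"], "id": rec["Id"],
                           "kind": kind, "operation": rec.get("Operation"),
                           "user": rec.get("UserId"), "raw": rec})
    return events

def sample_http_get(url):
    """Constructed stand-in for an authenticated GET: (headers, parsed JSON)."""
    blob = lambda n: {"contentUri": f"{BASE}/TENANT/activity/feed/audit/blob{n}"}
    rec = lambda i, t, op: {"Id": i, "RecordType": t, "Operation": op,
                            "CreationTime": "2018-05-01T10:00:00",
                            "Workload": "ThreatIntelligence", "UserId": "ThreatIntel"}
    if url.endswith("page2"):
        return {}, [blob(2)]
    if url.endswith("blob1"):
        return {}, [rec("a1", 28, "TIMailData"), rec("b2", 8, "Add user.")]
    if url.endswith("blob2"):  # "a1" repeats to exercise de-duplication
        return {}, [rec("a1", 28, "TIMailData"), rec("c3", 41, "TIUrlClickData")]
    next_page = f"{BASE}/TENANT/activity/feed/subscriptions/content?page2"
    return {"NextPageUri": next_page}, [blob(1)]

if __name__ == "__main__":
    for event in collect_threat_events("TENANT", "2018-05-01T00:00",
                                       "2018-05-02T00:00", sample_http_get):
        print(json.dumps(event, sort_keys=True))  # one JSON line per SIEM event
```

De-duplicating on the record `Id` matters in practice because overlapping polling windows can return the same record more than once.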

Related topics

Office 365 Threat Intelligence
Protect against threats in Office 365
Permissions in the Office 365 Security & Compliance Center
