pramod1
asked on
ADFS, ACTIVE DIRECTORY,
we had recently password spray attack on our COMPANY.
We have on premise ADFS AND AD server. I was researching and found below
2. In Unified Audit logs, searchable via: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-unifiedauditlog?view=exchange-ps
a. These logs are only maintained for 90 days and would have rolled prior to the escalation below.
b. The customer can archive these logs via REST to a SIEM or other log storage solution for longer if required.
regarding point no. b is there any method where I can archive logs via REST or SIEM method
we don't have on premise exchange all mailboxes are in 365.
We have on premise ADFS AND AD server. I was researching and found below
2. In Unified Audit logs, searchable via: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-unifiedauditlog?view=exchange-ps
a. These logs are only maintained for 90 days and would have rolled prior to the escalation below.
b. The customer can archive these logs via REST to a SIEM or other log storage solution for longer if required.
regarding point no. b is there any method where I can archive logs via REST or SIEM method
we don't have on premise exchange all mailboxes are in 365.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.