pramod1

<div>
<div class="content wysiwyg-content">
we had recently password spray attack on our COMPANY.<br />
<br />
We have on premise ADFS AND AD server. I was researching and found below<br />
2. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;In Unified Audit logs, searchable via: <a href="https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-unifiedauditlog?view=exchange-ps" rel="ugc">https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-unifiedauditlog?view=exchange-ps</a><br />
a. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;These logs are only maintained for 90 days and would have rolled prior to the escalation below.<br />
b. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The customer can archive these logs via REST to a SIEM or other log storage solution for longer if required.<br />
<br />
regarding point no. b is there any method where I can archive logs via REST or SIEM &nbsp;method<br />
<br />
we don't have on premise exchange all mailboxes are in 365.
</div>
</div>


we had recently password spray attack on our COMPANY.

We have on premise ADFS AND AD server. I was researching and found below
2.	In Unified Audit logs, searchable via: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-unifiedauditlog?view=exchange-ps
a.	These logs are only maintained for 90 days and would have rolled prior to the escalation below.
b.	The customer can archive these logs via REST to a SIEM or other log storage solution for longer if required.

regarding point no. b is there any method where I can archive logs via REST or SIEM  method

we don't have on premise exchange all mailboxes are in 365.

ADFS, ACTIVE DIRECTORY,

Office 365 is a group of software plus services subscriptions that provides productivity software and related services to its subscribers. Office 365 allows the use of Microsoft Office apps on Windows and OS X, provides storage space on Microsoft's cloud storage service OneDrive, and grants 60 Skype minutes per month. Office 365 includes e-mail and social networking services through hosted versions of Exchange Server, Skype for Business Server, SharePoint and Office Online, integration with Yammer, as well as access to the Office software. All of Office 365's components can be managed and configured through an online portal; users can be added manually, imported from a CSV file, or Office 365 can be set up for single sign-on with a local Active Directory using Active Directory Federation Services.

Microsoft 365

Active Directory Federation Services (ADFS)

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Representational state transfer (REST) is an architectural style that gives a coordinated set of constraints to the design of components in a distributed hypermedia system used to design networked applications. RESTful systems typically communicate over Hypertext Transfer Protocol (HTTP) with the same HTTP verbs (GET, POST, PUT, DELETE, etc.) that web browsers use to retrieve web pages and to send data to remote servers. REST interfaces with external systems using resources identified by Uniform Resource Identifier (URI) that can be operated upon using standard verbs.

REST

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.