Understanding Office 365 Logon Events to Catch Intrusion Attempts
Watch the Webcast On-Demand
Watch It Now!
Let’s say you are being targeted. Because of your good security, the attacker has failed in his phishing attempts to gain access to any internal end points. But he knows you use Office 365 and he realizes that important information is always to be found in email. After all we work on what’s important and send and receive a lot of email about whatever we are working on.
So the attacker searches LinkedIn, Data.com and other sites to identify the people at your organization likely to have access to the information he needs. With that information, he begins attacking those accounts directly on Office 365.
- Would you even know the attack was taking place?
- What could you do about it?
- Would you have any idea if it were successful?
- Could you correlate this activity from other activity affecting the same person but on different clouds or originating from the same attacker?
In this webinar, Randy Smith of Ultimate Windows Security will do a deep-dive specifically on logon/logoff events from the Office 365 / Azure AD audit logs.
- How to get these events
- Which events are logged
- What data is provided
- How events look different depending on whether you use federation (e.g. ADFS) or not
We'll then discuss how to analyze these data to detect risks and correlate with other threats, and Sacha Dawes of AlienVault will show how AlienVault USM Anywhere combines Office 365/Azure AD audit data with the rest of your security activity to alert you to threats.