- Print
- DarkLight
Soteria's O365 ruleset provides coverage across O365 (aka M365) telemetry streams. The ruleset is designed for in-depth analysis of the Office 365 ecosystem which includes:
- Teams
- Word
- Excel
- PowerPoint
- Outlook
- OneDrive
- ...and other productivity applications.
Please note that Soteria won’t get access to your data, and you won’t be able to see or edit their rules - LimaCharlie acts as a broker between the two parties.
To leverage detection logic provided by the ruleset:
- Subscribe your tenant to the Soteria Office 365 ruleset extension
- Subscribe your tenant to tor lookup (provided at no cost).
- Configure Office 365 Sensor to start collecting Office 365 audit logs.
Enabling Soteria's O365 Rules
Soteria's O365 rules can be activated via two means.
Activating via the Web UI
To enable Soteria's O365 ruleset, navigate to the Extensions section of the Add-On Marketplace and search for Soteria. You can also directly select soteria-rules-o365
.
Please note: Pricing may reflect when the screenshot was taken, not the actual pricing
Under the Organization dropdown, select a tenant (organization) you want to subscribe to Soteria O365 rules and click Subscribe.
You can also manage add-ons from the Subscriptions menu under Billing.
Organizations that have been subscribed to Soteria's O365 rules will be marked with a green check mark in the Organization dropdown.
Infrastructure as Code
Alternatively, to manage tenants and LimaCharlie functionality at scale, you can leverage our Infrastructure as Code functionality.