Email trace logs in the Microsoft Office 365 integration

dsv · April 5, 2022, 2:38pm

Hello,

Is it possible to get the email trace logs (delivery status, sender, recipient, subject and attachments fields) in the Microsoft Office 365 integration in the Kibana 7.16.3?

Some of these fields are presented at creation/deleteion moments but it's impossible to determine answer for questions

is the email delivered and to whom?
is it opened for reading or not?

It seems the corresponding functionality is absent.

Best regards,
Sergiy

dsv · April 14, 2022, 8:17am

I've looked around and realized the many other SIEM products (for example Qradar, Splunk) have this functionality.
Because the one of the primary attack vector is email delivery such the functionality is obviously a basic primary need.
And very strange for me to find a SIEM product without ability to analyze emails traces.

Topic		Replies	Views
SIEM detection rule emails body customization SIEM elastic-stack-alerting	5	650	January 25, 2021
Integración con Microsoft Exchange Online Message Trace Elasticsearch	1	282	February 24, 2023
Detection rule: Email CSV file as action SIEM	1	311	December 11, 2023
Office 365 Filebeat Module - Improve ECS utilization Beats ecs-elastic-common-schema , filebeat	3	767	October 25, 2022
Missing md5 field in Harmony Email & Collaboration integration with Elastic SIEM	2	57	September 16, 2025

Email trace logs in the Microsoft Office 365 integration

Related topics