O365beat is an open-source log shipper that fetches Office 365 audit logs from the Office 365 Management Activity API and forwards them with all the flexibility and capability provided by the Beats platform (specifically, libbeat).
The latest release includes updated documentation and a new ECS field mapping processor in the default config file to map the raw API-provided events to Elastic Common Schema (ECS) fields. This allows o365beat to work with standard Kibana dashboards, including capabilities in Elastic SIEM.
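The kind of raw-to-ECS mapping described above, as an added Go example that is not o365beat's own code or its shipped processor config. The rename table and the `ToECS` and `outcome` helpers are hypothetical; source names come from the Office 365 audit schema and target names from ECS. It goes one step past a plain rename by normalising two values a SIEM depends on: `ClientIP` arriving as `host:port`, and `ResultStatus` spellings.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample record; RecordType is numeric, so the string mapping skips it.
var sample = map[string]interface{}{"Operation": "UserLoginFailed", "ResultStatus": "Failed",
	"UserId": "alice@example.com", "ClientIP": "203.0.113.7:52144", "RecordType": 15}

// Illustrative rename table (an assumption, not o365beat's shipped mapping).
var renames = map[string]string{"Id": "event.id", "Operation": "event.action",
	"UserId": "user.id", "ClientIP": "source.ip", "ResultStatus": "event.outcome",
	"Workload": "event.provider", "OrganizationId": "organization.id"}

// outcome normalises ResultStatus to the ECS event.outcome vocabulary.
func outcome(s string) string {
	switch strings.ToLower(s) {
	case "succeeded", "success", "true":
		return "success"
	case "failed", "failure", "false":
		return "failure"
	}
	return "unknown"
}

// ToECS copies the string fields of a raw audit record into ECS-named fields.
func ToECS(in map[string]interface{}) map[string]string {
	out := map[string]string{}
	for from, to := range renames {
		if v, ok := in[from].(string); ok && v != "" {
			out[to] = v
		}
	}
	// ClientIP may arrive as host:port or [v6]:port; keep only a valid address.
	if host, _, err := net.SplitHostPort(out["source.ip"]); err == nil && net.ParseIP(host) != nil {
		out["source.ip"] = host
	}
	if rs, ok := out["event.outcome"]; ok {
		out["event.outcome"] = outcome(rs)
	}
	return out
}

func main() { fmt.Println(ToECS(sample)) }
```

Leaving a port on `source.ip` makes the value fail ECS `ip` field typing, which is why the address is cleaned before indexing.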
There is still a lot on the to-do list and probably a few bugs. Please open an issue or submit a pull request if you notice any problems in testing or production.
Please contact us if we can help in any way. Thanks!