someone please let me know if i ingest Microsoft 365 logs via Feeds to SIEM, Does it charge me extra cost.
Page 1 / 1
Not that I know of. All the feeds don't have any charges AFAIK. If you write a cloud function for ingestion and integrate with 3rd party APIs then you will incur charges for hosting the cloud function.
Thanks
Hi @sonalsh
There is no additional cost for ingesting Microsoft 365 logs through Feeds > Third Party API. However, you must create an application in Azure/Entra ID with the appropriate permissions (No Extra Cost). Please refer to the links provided below for further details.
Note: Message Trace or Transaction logs must be retrieved using a custom API.
https://www.googlecloudcommunity.com/gc/SecOps-SOAR/Chronicle-Azure-AD-O365-logs/m-p/444149
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-microsoft365
Thanks
For Entra ID and O365, I have a 3 part blog that I wrote this summer on it for reference if you are looking for something additional. Here they are:
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.