Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3)
Summary
This article, the second in a three-part series, details how to process and analyze Microsoft 365 Unified Audit Logs (UAL) using the SOF-ELK stack deployed on AWS EC2. It builds on the series' earlier discussion of the value of UAL data and the challenges of acquiring it.
IFF Assessment
FRIEND
The article provides practical guidance and techniques for defenders to better ingest and analyze security-relevant logs, enhancing their detection and investigation capabilities.
Defender Context
Understanding how to ingest and analyze audit logs from cloud services such as Microsoft 365 is crucial for defenders. This article offers a technical approach to managing UAL data and deriving insights from it, which is vital for incident response and threat hunting.