office 365 logo

During my time working at Sacramento State, many of the University’s enterprise-class applications were moved from on-premises servers to the “cloud”. While this might have reduced costs, and reduced problems associated with maintenance and deployment, it made things more difficult in the Information Security Office.

cloud meme

The most notable issue was the loss of Exchange logs.

A lot of my responsibilites as a SOC analyst, required monitoring logs and looking for anomalies, to detect compromised accounts. The Exchange logs allowed us to geolocate IPs and compare fields, like useragent strings, to determine if there was anomalous access for an account.

github logo ISOLogPullLibrary (Dll)

github logo ExchangeOnlineLogPull (Console Application)

We divided the application in to two parts, a library and a console application.

To use the application, follow the setup instructions in either of the READMEs.

donald@comp:~$ sudo apt-get update

The READMEs are currently not posted.

I will also be adding description of the process we took to develop the application and some of the problems we ran in to.