This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Ingesting Exchange message trace reports

Posted on 04-22-2025 08:06 AM
b41s
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi all,

I'm in the process of ingesting Exchange logs into SecOps SIEM, the data feed to collect exchange audit logs via the Office 365 log type is successfully configured. However for the message trace reports, this log type is not within the default log types for third party APIs. So 3 questions:

1. Can people share any experiences ingesting exchange message trace reports?
2. Is there a way to configure a third party API custom feed of some sort ?
3. If it's not possible to set up a feed, what would be the best alternative way (e.g. bindplane file-based config) ?

Thanks in advance!
Exchange message trace report API documentation: MessageTrace report | Microsoft Learn

Solved Solved
0 2 299
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

You may want to try some kind of intermediary tool such as cribl:
https://docs.cribl.io/stream/sources-office365-msg-trace/
https://docs.cribl.io/stream/destinations-google_chronicle/

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

You may want to try some kind of intermediary tool such as cribl:
https://docs.cribl.io/stream/sources-office365-msg-trace/
https://docs.cribl.io/stream/destinations-google_chronicle/

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
b41s
Bronze 1
Bronze 1
In response to kentphelps
Reply posted on --/--/---- --:-- AM

These are great resources @kentphelps , i'll accept it as a solution. Cheers.

Jump to Solution
0 Likes
Top Solution Authors
View all