Microsoft Teams Call Logs

Hey All, 

I'm following this https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-microsoft365

.. to get Microsoft Teams logs > Chronicle.

Don't see a pulldown under content type, for Teams.

Has anyone got Teams Call Logs > Chronicle?

Or Intune MDM? On a Microsoft "third party API" kick! 🙂

 

3 REPLIES

For Intune, you should select third party API feed and configure it with the appropriate tenant/subscription and secret.

 

The Teams logs, I believe, end up under the O365 third party API. I would configure this and validate. Maybe another community member can chime in here.

  1. Go to Google Security Operations settings, and click Feeds.
  2. Click Add New.
  3. Select Third party API for Source Type.
  4. Select Office 365 for Log Type.
  5. Click Next.
  6. Based on the Microsoft 365 configuration, specify the OAuth client ID, OAuth client secret, and Tenant ID details.
  7. Select the Content type for which you are creating this feed. You must create a separate feed for each content type that you require.
  8. Click Next and then Submit.

 

Thanks for that!

Yes, I'm working off the same documentation, but -- it's not working.

Has anyone else had any success with Teams logs > Chronicle/SecOps? 🙂

Hi Brian, 

I don't see any parsers for Teams logs. I assume you want to collect the audit logs as per here: https://learn.microsoft.com/en-us/purview/audit-log-activities#microsoft-teams-activities

It looks like Purview from Microsoft has some logging in here, and also the default audit log within O365, as this contains these events: https://learn.microsoft.com/en-us/purview/audit-log-activities

Happy to talk about this; as these are online sources, there are other options for parsing.

Thanks