Skip to content
This repository has been archived by the owner on Dec 27, 2022. It is now read-only.

Document requirement to turn on Unified Audit Log before using Sparrow #46

Closed
mpeck12 opened this issue Jan 11, 2021 · 1 comment
Closed

Document requirement to turn on Unified Audit Log before using Sparrow #46

mpeck12 opened this issue Jan 11, 2021 · 1 comment
Assignees
@DeemOnSecurity @genericdevname
Labels
documentation This issue or pull request improves or adds to documentation improvement This issue or pull request will add new or improve existing functionality

Comments

@mpeck12
Copy link

mpeck12 commented Jan 11, 2021

The Unified Audit Log must be activated before using Sparrow - this requirement should be documented
(and if possible, Sparrow should warn the user at runtime if the Unified Audit Log hasn't been activated?):

  • Requires an Office 365 license (E5 license?)

  • Need to go to https://protection.office.com , click Search -> Audit Log Search and click Turn On Auditing. May take 24 hours for auditing to fully activate.
@DeemOnSecurity DeemOnSecurity added documentation This issue or pull request improves or adds to documentation improvement This issue or pull request will add new or improve existing functionality labels Jan 12, 2021
@genericdevname
Copy link
Collaborator

Added documentation in the readme: Unified Audit Logs will need to be enabled.

However, users should ensure that the UAL is turned on prior to running Sparrow.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@DeemOnSecurity DeemOnSecurity

@genericdevname genericdevname

Labels
documentation This issue or pull request improves or adds to documentation improvement This issue or pull request will add new or improve existing functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mpeck12 @DeemOnSecurity @genericdevname