Office365 integration scan messages enrichment #13958
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The goal of this change is encrease the information about how Office365 integration works.
2 new messages are added, one when first scan runs, with the legend
Bookmark updated to '2022-06-16T18:21:58Z' for tenant <TenatanID> and subscription <SubscriptionID>, waiting '60' seconds to run first scan
, where the first date is the UTC date as the API request to Office365 server, and the'60' seconds
are the interval time. Second message is similar than first, it only change the wordnext
instead the wordfirst
, and it shows when bookmark is updated.'2022-06-16T18:21:58Z' for tenant <TenatanID> and subscription <SubscriptionID>, waiting '60' seconds to run first scan
Configuration options
ossec.conf
Logs example