Collect Exchange Audit Logs?

How do you integrate Exchange into SIEM?

How can the SIEM collect Exchange MailBox Audit Logs?

10 Replies

Re: Collect Exchange Audit Logs?

Re: Collect Exchange Audit Logs?

Thank you for responding!

I did not see MS Exchange in the attachment's list.

Does the SIEM collect Exchange logs via WMI?  Agent?  Or syslog?

Exchange Mailbox Audit logs are logs with information about non-owner mailbox access. Exchange allows these audit logs to be exported via XML.

Has anyone configured their SIEM to collect the Exchange Administrator Audit Logs?

Re: Collect Exchange Audit Logs?

Hi,

We are collecting Exchange Message Tracking logs but it doesn't contain any audit events. I'm not sure if McAfee supports parsing of Exchange Audit logs. Raise a PER with McAfee.

Regards,

Vinaya

jal

Re: Collect Exchange Audit Logs?

There is an event type that covers Message Tracking logs.

Rule Name: MS_Exchange Event

Signature ID: 1022135

Normalization Name: Misc Application Event

How are you collecting Exchange Message Tracking logs? Using the Agent? Any other solution?

It's weird that Microsoft Exchange is listed in "supported" products without actually supporting Audit logs. Except if you have LOGBinder.

davidi

Re: Collect Exchange Audit Logs?

Any update on this one?

I am sure there are a few PERs open on this matter. Has anyone got any feedback so far?

docdriza

Re: Collect Exchange Audit Logs?

I have not received an update on this. I do not see the sig ID that is mentioned above in our environment.

Re: Collect Exchange Audit Logs?

I am not entirely sure, but I think you can use the data collector in this case.

bjvista

Re: Collect Exchange Audit Logs?

LOGbinder for Exchange will do the job.  You can download a fully functional 30 day free trial.  If you need more testing time you can just email our support team at support@logbinder.com and they will extend the license for you.  The install is quick and easy and I know you'll be happy with the results.

Re: Collect Exchange Audit Logs?

I think that it is not a solution for this problem.
