CLOUD CONNECTOR

Microsoft SharePoint

SharePoint is a web-based collaborative platform that integrates with Microsoft Office.

Through a consolidated API, Securonix integrates with the Microsoft Office 365 Management API to ingest SharePoint-relevant alerts and identify threats such as privilege escalation, data exfiltration, account compromise, and unusual account behavior, as well as insider threats.

| Event Service/Module | Event Types | Related Threats | Use Cases/Threat Packages | Details |
| --- | --- | --- | --- | --- |
| Access/Audit | Access - creation, accept, expiry, grant, revoke, activation. Administrator - add/del, policy update, quota modify, RSS news feed, resource usage | Privilege Escalation, Unusual Login Location, Rare Geolocation | Identity and Access Analytics, Insider Threats | Access and login activity events |
| Groups Management | Group Creation/Edited/Deletion, Add/Edit/Remove Item, Add/Remove User to Group | Privilege Escalation, Unusual Login Location, Rare Geolocation | Identity and Access Analytics, Insider Threats | Groups Management |
| Collaboration | Type Modification - intranet/public | DLP | Insider Threats, DLP | File/Folder collaboration activities |
| Data Governance | Data Retention Create/Delete, Retention Policy Addition | DLP | Insider Threats, DLP | Storage expiration and data retention |
| Files | Access, copy, delete, modify, restore, preview, move, fetch, partial/full download, sync, viewed | Abnormal File Access Behavior, Malware, DLP | Insider Threats, Privilege Escalation, DLP | File and folder management activities |
| Folders | View, share, access, update, create, del, change | DLP | Insider Threats, Privilege Escalation, DLP | Folder Permission Changes |
| Roles | Administrator Role Change, Collaboration Role Change | Privilege Escalation | Insider Threats, Privilege Escalation | User Role Management |
| Workflow | Content workflow policy/automation addition, abnormal downloads | Privilege Escalation, Abnormal File Downloads and Access | Insider Threats, Privilege Escalation | Workflow events |
| Sharing | File/Folder Shared/Unshared, Share Expiry, Share Updates | Competitor File Sharing, Non-Business Domains, Personal Account Sharing (DLP) | Insider Threats, DLP, Privilege Escalation | File/Folder Sharing Events |
| Tasks | Task Create, Assign, Update | Privilege Escalation | Insider Threats, Privilege Escalation | Task related events |
| User Management | User Creation/Update/Editing/Deletion | Privilege Escalation | Insider Threats, Privilege Escalation | User management events |
| Site Collections | Site admin change request, add/create, rename, modify site admin | Privilege Escalation | Privilege Escalation | Site Collection Events |
| Project Web App | Task Status Report - modify, create, delete, submit, access, remove, reject, save. Timesheet - save, reject, approve, submit. Workflow - create, modify, delete. | DLP, Unauthorized Sharing | DLP, Privilege Escalation | Project Web App events |