CLOUD CONNECTOR
Microsoft SharePoint
SharePoint is a web-based collaborative platform that integrates with Microsoft Office.
As a consolidated API, Securonix integrates with the Microsoft Office 365 Management API for ingesting SharePoint relevant alerts and identify threats such as privilege escalation, data exfiltration, account compromise, and unusual account behavior, as well as insider threats.
| Event Service/Module | Event Types | Related Threats | Use Cases/Threat Packages | Details |
|---|---|---|---|---|
| Access /Audit | Access - creation, accept, expiry, grant, revoke, activation, Administrator - add/del, policy update, quota modify, RSS news feed, resource usage | Privilege Escalation, Unusual Login Location, Rare Geolocation | Identity and Access Analytics, Insider Threats | Access and login activity events |
| Groups Management | Group Creation/Edited/Deletion, Add/Edit/Remove Item, Add/Remove User to Group | Privilege Escalation, Unusual Login Location, Rare Geolocation | Identity and Access Analytics, Insider Threats | Groups Management |
| Collaboration | Type Modification - intranet/public | DLP | Insider Threats, DLP | File/Folder collaboration activities |
| Data Governance | Data Retention Create/Delete, Retention Policy Addition | DLP | Insider Threats, DLP | Storage expiration and data retention |
| Files | Access, copy, delete, modify, restore, preview, move, fetch, partial/full download, sync, viewed | Abnormal File Access Behavior, Malware, DLP | Insider Threats, Privilege Escalation, DLP | File and folder management activities |
| Folders | View, share, access, update, create, del , change | DLP | Insider Threats, Privilege Escalation, DLP | Folder Permission Changes |
| Roles | Administrator Role Change, Collaboration Role Change | Privilege Escalation | Insider Threats, Privilege Escalation | User Role Management |
| Workflow | Content workflow policy/automation addition, abnormal downloads | Privilege Escalation, Abnormal File Downloads and Access | Insider Threats, Privilege Escalation | Workflow events |
| Sharing | File/Folder Shared/Unshared, Share Expiry, Share Updates | Competitor File Sharing, Non-Business Domains, Personal Account Sharing (DLP) | Insider Threats, DLP, Privilege Escalation | File/Folder Sharing Events |
| Tasks | Task Create, Assign, Update | Privilege Escalation | Insider Threats, Privilege Escalation | Task related events |
| User Management | User Creation/Update/Editing/Deletion | Privilege Escalation | Insider Threats, Privilege Escalation | User management events |
| Site Collections | Site admin change request, add/create, rename, modify site admin | Privilege Escalation | Privilege Escalation | Site Collection Events |
|
Project Web App |
Task Status Report - modify, create, delete, submit, access, remove, reject, save. Timesheet - save, reject, approve, submit. Workflow - create, modify, delete. |
DLP, Unauthorized Sharing | DLP, Privilege Escalation | Project Web App events |