Pandora office 365
- Introduction
- Compatibility matrix
- Prerequisites
- Configuration
- Manual execution
- Modules generated by the plugin
Introduction
This is a server plugin that generates an agent with each available Office 365 service and the status of its features.
Compatibility matrix
Developed in Python 3.8. It is distributed as a compiled binary and does not require extra dependencies.
Prerequisites
System
Since it is a binary, it does not need specific dependencies to run.
In the Pandora environment
The plugin server must be enabled.
General Permissions
General graph to authenticate
To access the service health and download the modules
Permissions for logs
And the following authentication elements:
● TenantID
● ClientID
● Secret
Configuration
The plugin is executed by defining the corresponding parameters:
usage: pandora_o365 [-h] -c CLIENTID -t TENANTID -s SECRET [-a AGENT_NAME]
                    [-p PREFIX] [-g GROUP] [-i INTERVAL] [-d DATA_IN] [-l]
                    [-n] [--tentacle_address TENTACLE_ADDRESS]
                    [--tentacle_port TENTACLE_PORT] [--tmp TMP]

Pandora Office365 Status plugin ver. 3.0

optional arguments:
  -h, --help            show this help message and exit
  -c CLIENTID, --clientid CLIENTID
                        Authentication O365 client id
  -t TENANTID, --tenantid TENANTID
                        Authentication O365 Tenant id
  -s SECRET, --secret SECRET
                        Authentication O365 Secret
  -a AGENT_NAME, --agent_name AGENT_NAME
                        Defined agent_name , default: pandora_o365
  -p PREFIX, --prefix PREFIX
                        Prefix for agent names, default O365
  -g GROUP, --group GROUP
                        Pandora agent group, default unknown
  -i INTERVAL, --interval INTERVAL
                        Agent interval in seconds, default: 300
  -d DATA_IN, --data_in DATA_IN
                        Pandora server datain directory, default:
                        /var/spool/pandora/data_in/
  -l, --logs            Get incidents messages to Pandora log collector
  -n, --nodata          Ignores module data (usefull for log retreaving only)
  --tentacle_address TENTACLE_ADDRESS
                        Define tentacle address for remote execution,
                        Default=none
  --tentacle_port TENTACLE_PORT
                        Define tentacle port for remote execution,
                        Default=41121
  --tmp TMP             Pandora temporary file directory for remote execution
                        only, default: /tmp/

The required fields are the authentication fields: clientid, tenantid and secret.
If you run the plugin with only the required fields, you will obtain the data of the agents/modules corresponding to each service.
Optional fields:
AGENT_NAME: Name of the agent that will contain the service modules. Default: pandora_o365.
PREFIX: Prefix for the agents generated by the plugin execution. Default: O365.
GROUP: Group written into the XMLs to assign the agents in Pandora. This group must exist in the environment; otherwise the agents will be assigned to the default group: unknown.
INTERVAL: Interval defined for each agent created. Default: 300 seconds. It should be equal to or greater than the plugin execution interval.
DATA_IN: Location of the Pandora FMS data_in directory. Default: /var/spool/pandora/data_in.
TMP: Temporary directory where the data is stored before being copied to data_in. Default: /tmp.
LOGS: Enables capture of the O365 incident messages and sends them to the Pandora log collector. (The log collector must be configured in the environment.) Disabled by default.
NODATA: Ignores agent and module data; useful if you want to run the plugin only to collect logs. Disabled by default.
UTF8: Uses UTF-8. Set to 0 if the shell is not in UTF-8; values will then be in raw bytes. Default: 1.
TENTACLE_ADDRESS: IP of the Tentacle server to send the data to.
TENTACLE_PORT: Tentacle port, default is 41121.
Manual execution
Execution of the plugin:
Binary version:
./pandora_o365 -c <client-id> -t <tenant-id> -s <secret>
Optional parameters can be defined such as the location of the data_in directory (-d), a prefix for the name of the generated agents (-p), the time interval defined for the agent (-i) and the group to which the agents are assigned (-g).
./pandora_o365 -c <client-id> -t <tenant-id> -s <secret> -d <data-in directory> -p <prefix> -i <interval> -g <group-name> -l
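As an added example (not part of the original documentation or of the plugin), the wrapper below runs the manual command above with the credentials read from an owner-only file, so the secret does not end up in shell history, crontabs or scripts. The file format (CLIENT_ID=, TENANT_ID= and SECRET= lines) and the PANDORA_O365_BIN variable are assumptions of this example; because the usage text documents -s as the way to pass the secret, it is still visible in the process list while the plugin runs.

```shell
#!/bin/sh
# Added example (not part of the plugin): run pandora_o365 with credentials
# read from an owner-only file instead of typing them on the command line.
# Assumed names: the creds file format (CLIENT_ID=, TENANT_ID=, SECRET=)
# and the PANDORA_O365_BIN variable are inventions of this example.

# True only for a regular, non-symlink file with no group/other permission bits.
creds_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# Parse KEY=VALUE lines without sourcing the file, so nothing in it is executed.
load_o365_creds() {
    if ! creds_file_is_private "$1"; then
        echo "refusing $1: must be a regular file with mode 0600 or stricter" >&2
        return 1
    fi
    CLIENT_ID='' TENANT_ID='' SECRET=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            CLIENT_ID=*) CLIENT_ID=${line#*=} ;;
            TENANT_ID=*) TENANT_ID=${line#*=} ;;
            SECRET=*)    SECRET=${line#*=} ;;
        esac
    done < "$1"
    # All three required authentication fields must be present.
    [ -n "$CLIENT_ID" ] && [ -n "$TENANT_ID" ] && [ -n "$SECRET" ]
}

# Usage: run_pandora_o365 <creds-file> [optional plugin arguments...]
run_pandora_o365() {
    creds=$1
    shift
    load_o365_creds "$creds" || return 1
    "${PANDORA_O365_BIN:-./pandora_o365}" \
        -c "$CLIENT_ID" -t "$TENANT_ID" -s "$SECRET" "$@"
}

# When the script is called with arguments, treat them as the wrapper's own.
if [ "$#" -gt 0 ]; then
    run_pandora_o365 "$@"
fi
```

Call it as `sh wrapper.sh /path/to/creds -g <group-name> -l`, where wrapper.sh and the creds path are whatever names you saved them under.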
Modules generated by the plugin
The plugin will create an agent with the name configured through the -a parameter, which will have one status module and one active issues module for each service.
For example:
O365_Bookings_active_issues
O365_Bookings_status
O365_cloudappsecurity_active_issues
O365_cloudappsecurity_status
O365_DynamicsAX_active_issues
O365_DynamicsAX_status
O365_DynamicsCRM_active_issues
O365_DynamicsCRM_status
O365_Exchange_active_issues
O365_Exchange_status
O365_Forms_active_issues
O365_Forms_status
O365_Intune_active_issues
O365_Intune_status
O365_kaizalamessagingservices_active_issues
O365_kaizalamessagingservices_status
O365_Lync_active_issues
O365_Lync_status
O365_MicrosoftFlowM365_active_issues
O365_MicrosoftFlowM365_status
O365_MicrosoftFlow_active_issues
O365_MicrosoftFlow_status
O365_microsoftteams_active_issues
O365_microsoftteams_status
O365_MobileDeviceManagement_active_issues
O365_MobileDeviceManagement_status
O365_O365Client_active_issues
O365_O365Client_status
O365_officeonline_active_issues
O365_officeonline_status
O365_OneDriveForBusiness_active_issues
O365_OneDriveForBusiness_status
O365_OrgLiveID_active_issues
O365_OrgLiveID_status
O365_OSDPPlatform_active_issues
O365_OSDPPlatform_status
O365_Planner_active_issues
O365_Planner_status
O365_PowerAppsM365_active_issues
O365_PowerAppsM365_status
O365_PowerApps_active_issues
O365_PowerApps_status
O365_ProjectForTheWeb_active_issues
O365_ProjectForTheWeb_status
O365_ProjectOnline_active_issues
O365_ProjectOnline_status
O365_RMS_active_issues
O365_RMS_status
O365_SharePoint_active_issues
O365_SharePoint_status
O365_StaffHub_active_issues
O365_StaffHub_status
O365_Stream_active_issues
O365_Stream_status
O365_SwayEnterprise_active_issues
O365_SwayEnterprise_status
O365_Viva_active_issues
O365_Viva_status
O365_yammer_active_issues
O365_yammer_status
Example of the module view in the agent