# Pandora office 365 # Introduction It is defined as a server plugin, which generates an agent with each available office 365 service and the status of its features. # Compatibility matrix Developed in python 3.8. The compiled binary is distributed and does not require extra dependencies. # Pre requisites **System** Since it is a binary, it does not need specific dependencies for its execution. In Pandora environment It is required that the plugin server is enabled **General Permissions** *General graph to authenticate* [![image-1652094125204.png](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/scaled-1680-/image-1652094125204.png)](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/image-1652094125204.png) *To access to the service health and download the modules* [![image-1652094186265.png](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/scaled-1680-/image-1652094186265.png)](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/image-1652094186265.png) *Permissions logs* ![](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/image-1652093728668.png) And the following authentication elements: ● TenentID ● ClientID ● Secret # Configuration The plugin is executed by defining the corresponding parameters: ``` usage: pandora_o365 [-h] -c CLIENTID -t TENANTID -s SECRET [-a AGENT_NAME] [-p PREFIX] [-g GROUP] [-i INTERVAL] [-d DATA_IN] [-l] [-n] [--tentacle_address TENTACLE_ADDRESS] [--tentacle_port TENTACLE_PORT] [--tmp TMP] Pandora Office365 Status plugin ver. 3.0 optional arguments: -h, --help show this help message and exit -c CLIENTID, --clientid CLIENTID Authentication O365 client id -t TENANTID, --tenantid TENANTID Authentication O365 Tenant id -s SECRET, --secret SECRET Authentication O365 Secret -a AGENT_NAME, --agent_name AGENT_NAME Defined agent_name , default: pandora_o365 -p PREFIX, --prefix PREFIX Prefix for agent names, default O365 -g GROUP, --group GROUP Pandora agent group, default unknown -i INTERVAL, --interval INTERVAL Agent interval in seconds, default: 300 -d DATA_IN, --data_in DATA_IN Pandora server datain directory, default: /var/spool/pandora/data_in/ -l, --logs Get incidents messages to Pandora log collector -n, --nodata Ignores module data (usefull for log retreaving only) --tentacle_address TENTACLE_ADDRESS Define tentacle address for remote execution, Default=none --tentacle_port TENTACLE_PORT Define tentacle port for remote execution, Default=41121 --tmp TMP Pandora temporary file directory for remote execution only, default: /tmp/ ``` The required fields are the authentication fields: clientid, tenantid and secret. If you run only with the required fields you will obtain the data of the Agents/modules corresponding to each service. Optional fields: AGENT\_NAME: Name of the agent that will contain the services modules, by default is pandora\_o365. PREFIX: Prefix for the agents generated by the plugin execution by default is O365. GROUP: Group to which it will be marked in the XMls to assign the agents in Pandora. This group must exist in the environment, otherwise the agents will be assigned to the default group: unknown INTERVAL: Interval defined for each agent created by default 300 seconds, it should be equal or superior to the plugin execution interval. DATAIN: Location of the Pandora FMS environment data in directory, by default /var/spool/pandora/data\_in. TMP: Temporary directory where the data is stored before being copied to the data in. By default /tmp LOGS: Enables the log capture of the o365 incident messages and sends them to the pandora log collector. (The log collector must be configured in the environment). By default disabled. NODATA: Ignores agent and module data, useful if you want to run the plugin only to collect logs. By default disabled UTF8: Uses utf8, set to 0 if shell is not in utf8 values will be on raw bytes, default: 1 TENTACLE\_ADRESS: Ip of the tentacle server to send the data to. TENTACLE\_PORT: Tentacle port, default is 41121. # Manual execution Execution of the plugin: Binary version: ``` ./pandora_o365 -c -t -s ``` Optional parameters can be defined such as the location of the data\_in directory (-d), a prefix for the name of the generated agents (-p), the time interval defined for the agent (-i) and the group to which the agents are assigned (-g). ``` ./pandora_o365 -c -t -s -d -p -i -g -l ``` # Modules generated by the plugin El plugin creará un agente con el nombre que nosotros configuremos con el parámetro -a, que dispondrá de un módulo de status y otro de active issues por cada servicio. For example:

O365\_Bookings\_active\_issues

O365\_Bookings\_status

O365\_cloudappsecurity\_active\_issues

O365\_cloudappsecurity\_status

O365\_DynamicsAX\_active\_issues

O365\_DynamicsAX\_status

O365\_DynamicsCRM\_active\_issues

O365\_DynamicsCRM\_status

O365\_Exchange\_active\_issues

O365\_Exchange\_status

O365\_Forms\_active\_issues

O365\_Forms\_status

O365\_Intune\_active\_issues

O365\_Intune\_status

O365\_kaizalamessagingservices\_active\_issues

O365\_kaizalamessagingservices\_status

O365\_Lync\_active\_issues

O365\_Lync\_status

O365\_MicrosoftFlowM365\_active\_issues

O365\_MicrosoftFlowM365\_status

O365\_MicrosoftFlow\_active\_issues

O365\_MicrosoftFlow\_status

O365\_microsoftteams\_active\_issues

O365\_microsoftteams\_status

O365\_MobileDeviceManagement\_active\_issues

O365\_MobileDeviceManagement\_status

O365\_O365Client\_active\_issues

O365\_O365Client\_status

O365\_officeonline\_active\_issues

O365\_officeonline\_status

O365\_OneDriveForBusiness\_active\_issues

O365\_OneDriveForBusiness\_status

O365\_OrgLiveID\_active\_issues

O365\_OrgLiveID\_status

O365\_OSDPPlatform\_active\_issues

O365\_OSDPPlatform\_status

O365\_Planner\_active\_issues

O365\_Planner\_status

O365\_PowerAppsM365\_active\_issues

O365\_PowerAppsM365\_status

O365\_PowerApps\_active\_issues

O365\_PowerApps\_status

O365\_ProjectForTheWeb\_active\_issues

O365\_ProjectForTheWeb\_status

O365\_ProjectOnline\_active\_issues

O365\_ProjectOnline\_status

O365\_RMS\_active\_issues

O365\_RMS\_status

O365\_SharePoint\_active\_issues

O365\_SharePoint\_status

O365\_StaffHub\_active\_issues

O365\_StaffHub\_status

O365\_Stream\_active\_issues

O365\_Stream\_status

O365\_SwayEnterprise\_active\_issues

O365\_SwayEnterprise\_status

O365\_Viva\_active\_issues

O365\_Viva\_status

O365\_yammer\_active\_issues

O365\_yammer\_status

**Ejemplo de la vista de módulos en el agente** [![image-1652173609150.png](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/scaled-1680-/image-1652173609150.png)](https://pandorafms.com/guides/public/uploads/images/gallery/2022-05/image-1652173609150.png)