Viewing docs for sumologic 3.2.5
published on Thursday, Mar 26, 2026 by sumologic
published on Thursday, Mar 26, 2026 by sumologic
Viewing docs for sumologic 3.2.5
published on Thursday, Mar 26, 2026 by sumologic
published on Thursday, Mar 26, 2026 by sumologic
Provides a Sumologic O365 Audit source for collecting Office 365 audit logs and security events.
Example Usage
Basic O365 Exchange Audit Source
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const o365Collector = new sumologic.Collector("o365_collector", {
name: "O365 Collector",
description: "Collector for O365 audit logs",
});
const exchangeAudit = new sumologic.O365AuditSource("exchange_audit", {
name: "o365-exchange-audit",
description: "O365 Exchange Audit Logs",
category: "o365/exchange",
collectorId: o365Collector.collectorId,
thirdPartyRef: {
resources: {
serviceType: "O365AuditNotification",
path: {
type: "O365NotificationPath",
workload: "Audit.Exchange",
region: "Commercial",
},
authentication: {
type: "O365AppRegistrationAuthentication",
tenantId: o365TenantId,
clientId: o365ClientId,
clientSecret: o365ClientSecret,
},
},
},
});
import pulumi
import pulumi_sumologic as sumologic
o365_collector = sumologic.Collector("o365_collector",
name="O365 Collector",
description="Collector for O365 audit logs")
exchange_audit = sumologic.O365AuditSource("exchange_audit",
name="o365-exchange-audit",
description="O365 Exchange Audit Logs",
category="o365/exchange",
collector_id=o365_collector.collector_id,
third_party_ref={
"resources": {
"service_type": "O365AuditNotification",
"path": {
"type": "O365NotificationPath",
"workload": "Audit.Exchange",
"region": "Commercial",
},
"authentication": {
"type": "O365AppRegistrationAuthentication",
"tenant_id": o365_tenant_id,
"client_id": o365_client_id,
"client_secret": o365_client_secret,
},
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sumologic/v3/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
o365Collector, err := sumologic.NewCollector(ctx, "o365_collector", &sumologic.CollectorArgs{
Name: pulumi.String("O365 Collector"),
Description: pulumi.String("Collector for O365 audit logs"),
})
if err != nil {
return err
}
_, err = sumologic.NewO365AuditSource(ctx, "exchange_audit", &sumologic.O365AuditSourceArgs{
Name: pulumi.String("o365-exchange-audit"),
Description: pulumi.String("O365 Exchange Audit Logs"),
Category: pulumi.String("o365/exchange"),
CollectorId: o365Collector.CollectorId,
ThirdPartyRef: &sumologic.O365AuditSourceThirdPartyRefArgs{
Resources: &sumologic.O365AuditSourceThirdPartyRefResourcesArgs{
ServiceType: pulumi.String("O365AuditNotification"),
Path: &sumologic.O365AuditSourceThirdPartyRefResourcesPathArgs{
Type: pulumi.String("O365NotificationPath"),
Workload: pulumi.String("Audit.Exchange"),
Region: pulumi.String("Commercial"),
},
Authentication: &sumologic.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs{
Type: pulumi.String("O365AppRegistrationAuthentication"),
TenantId: pulumi.Any(o365TenantId),
ClientId: pulumi.Any(o365ClientId),
ClientSecret: pulumi.Any(o365ClientSecret),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sumologic = Pulumi.Sumologic;
return await Deployment.RunAsync(() =>
{
var o365Collector = new Sumologic.Collector("o365_collector", new()
{
Name = "O365 Collector",
Description = "Collector for O365 audit logs",
});
var exchangeAudit = new Sumologic.O365AuditSource("exchange_audit", new()
{
Name = "o365-exchange-audit",
Description = "O365 Exchange Audit Logs",
Category = "o365/exchange",
CollectorId = o365Collector.CollectorId,
ThirdPartyRef = new Sumologic.Inputs.O365AuditSourceThirdPartyRefArgs
{
Resources = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesArgs
{
ServiceType = "O365AuditNotification",
Path = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesPathArgs
{
Type = "O365NotificationPath",
Workload = "Audit.Exchange",
Region = "Commercial",
},
Authentication = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs
{
Type = "O365AppRegistrationAuthentication",
TenantId = o365TenantId,
ClientId = o365ClientId,
ClientSecret = o365ClientSecret,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.Collector;
import com.pulumi.sumologic.CollectorArgs;
import com.pulumi.sumologic.O365AuditSource;
import com.pulumi.sumologic.O365AuditSourceArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesPathArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var o365Collector = new Collector("o365Collector", CollectorArgs.builder()
.name("O365 Collector")
.description("Collector for O365 audit logs")
.build());
var exchangeAudit = new O365AuditSource("exchangeAudit", O365AuditSourceArgs.builder()
.name("o365-exchange-audit")
.description("O365 Exchange Audit Logs")
.category("o365/exchange")
.collectorId(o365Collector.collectorId())
.thirdPartyRef(O365AuditSourceThirdPartyRefArgs.builder()
.resources(O365AuditSourceThirdPartyRefResourcesArgs.builder()
.serviceType("O365AuditNotification")
.path(O365AuditSourceThirdPartyRefResourcesPathArgs.builder()
.type("O365NotificationPath")
.workload("Audit.Exchange")
.region("Commercial")
.build())
.authentication(O365AuditSourceThirdPartyRefResourcesAuthenticationArgs.builder()
.type("O365AppRegistrationAuthentication")
.tenantId(o365TenantId)
.clientId(o365ClientId)
.clientSecret(o365ClientSecret)
.build())
.build())
.build())
.build());
}
}
resources:
o365Collector:
type: sumologic:Collector
name: o365_collector
properties:
name: O365 Collector
description: Collector for O365 audit logs
exchangeAudit:
type: sumologic:O365AuditSource
name: exchange_audit
properties:
name: o365-exchange-audit
description: O365 Exchange Audit Logs
category: o365/exchange
collectorId: ${o365Collector.collectorId}
thirdPartyRef:
resources:
serviceType: O365AuditNotification
path:
type: O365NotificationPath
workload: Audit.Exchange
region: Commercial
authentication:
type: O365AppRegistrationAuthentication
tenantId: ${o365TenantId}
clientId: ${o365ClientId}
clientSecret: ${o365ClientSecret}
O365 SharePoint Audit Source
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const sharepointAudit = new sumologic.O365AuditSource("sharepoint_audit", {
name: "o365-sharepoint-audit",
description: "O365 SharePoint Audit Logs",
category: "o365/sharepoint",
collectorId: o365Collector.id,
thirdPartyRef: {
resources: {
serviceType: "O365AuditNotification",
path: {
type: "O365NotificationPath",
workload: "Audit.SharePoint",
region: "Commercial",
},
authentication: {
type: "O365AppRegistrationAuthentication",
tenantId: o365TenantId,
clientId: o365ClientId,
clientSecret: o365ClientSecret,
},
},
},
});
import pulumi
import pulumi_sumologic as sumologic
sharepoint_audit = sumologic.O365AuditSource("sharepoint_audit",
name="o365-sharepoint-audit",
description="O365 SharePoint Audit Logs",
category="o365/sharepoint",
collector_id=o365_collector["id"],
third_party_ref={
"resources": {
"service_type": "O365AuditNotification",
"path": {
"type": "O365NotificationPath",
"workload": "Audit.SharePoint",
"region": "Commercial",
},
"authentication": {
"type": "O365AppRegistrationAuthentication",
"tenant_id": o365_tenant_id,
"client_id": o365_client_id,
"client_secret": o365_client_secret,
},
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sumologic/v3/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sumologic.NewO365AuditSource(ctx, "sharepoint_audit", &sumologic.O365AuditSourceArgs{
Name: pulumi.String("o365-sharepoint-audit"),
Description: pulumi.String("O365 SharePoint Audit Logs"),
Category: pulumi.String("o365/sharepoint"),
CollectorId: pulumi.Any(o365Collector.Id),
ThirdPartyRef: &sumologic.O365AuditSourceThirdPartyRefArgs{
Resources: &sumologic.O365AuditSourceThirdPartyRefResourcesArgs{
ServiceType: pulumi.String("O365AuditNotification"),
Path: &sumologic.O365AuditSourceThirdPartyRefResourcesPathArgs{
Type: pulumi.String("O365NotificationPath"),
Workload: pulumi.String("Audit.SharePoint"),
Region: pulumi.String("Commercial"),
},
Authentication: &sumologic.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs{
Type: pulumi.String("O365AppRegistrationAuthentication"),
TenantId: pulumi.Any(o365TenantId),
ClientId: pulumi.Any(o365ClientId),
ClientSecret: pulumi.Any(o365ClientSecret),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sumologic = Pulumi.Sumologic;
return await Deployment.RunAsync(() =>
{
var sharepointAudit = new Sumologic.O365AuditSource("sharepoint_audit", new()
{
Name = "o365-sharepoint-audit",
Description = "O365 SharePoint Audit Logs",
Category = "o365/sharepoint",
CollectorId = o365Collector.Id,
ThirdPartyRef = new Sumologic.Inputs.O365AuditSourceThirdPartyRefArgs
{
Resources = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesArgs
{
ServiceType = "O365AuditNotification",
Path = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesPathArgs
{
Type = "O365NotificationPath",
Workload = "Audit.SharePoint",
Region = "Commercial",
},
Authentication = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs
{
Type = "O365AppRegistrationAuthentication",
TenantId = o365TenantId,
ClientId = o365ClientId,
ClientSecret = o365ClientSecret,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.O365AuditSource;
import com.pulumi.sumologic.O365AuditSourceArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesPathArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sharepointAudit = new O365AuditSource("sharepointAudit", O365AuditSourceArgs.builder()
.name("o365-sharepoint-audit")
.description("O365 SharePoint Audit Logs")
.category("o365/sharepoint")
.collectorId(o365Collector.id())
.thirdPartyRef(O365AuditSourceThirdPartyRefArgs.builder()
.resources(O365AuditSourceThirdPartyRefResourcesArgs.builder()
.serviceType("O365AuditNotification")
.path(O365AuditSourceThirdPartyRefResourcesPathArgs.builder()
.type("O365NotificationPath")
.workload("Audit.SharePoint")
.region("Commercial")
.build())
.authentication(O365AuditSourceThirdPartyRefResourcesAuthenticationArgs.builder()
.type("O365AppRegistrationAuthentication")
.tenantId(o365TenantId)
.clientId(o365ClientId)
.clientSecret(o365ClientSecret)
.build())
.build())
.build())
.build());
}
}
resources:
sharepointAudit:
type: sumologic:O365AuditSource
name: sharepoint_audit
properties:
name: o365-sharepoint-audit
description: O365 SharePoint Audit Logs
category: o365/sharepoint
collectorId: ${o365Collector.id}
thirdPartyRef:
resources:
serviceType: O365AuditNotification
path:
type: O365NotificationPath
workload: Audit.SharePoint
region: Commercial
authentication:
type: O365AppRegistrationAuthentication
tenantId: ${o365TenantId}
clientId: ${o365ClientId}
clientSecret: ${o365ClientSecret}
O365 Azure Active Directory Audit Source for GCC High
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const azureadAudit = new sumologic.O365AuditSource("azuread_audit", {
name: "o365-azuread-audit",
description: "O365 Azure AD Audit Logs",
category: "o365/azuread",
collectorId: o365Collector.id,
thirdPartyRef: {
resources: {
serviceType: "O365AuditNotification",
path: {
type: "O365NotificationPath",
workload: "Audit.AzureActiveDirectory",
region: "GCC High",
},
authentication: {
type: "O365AppRegistrationAuthentication",
tenantId: o365TenantId,
clientId: o365ClientId,
clientSecret: o365ClientSecret,
},
},
},
});
import pulumi
import pulumi_sumologic as sumologic
azuread_audit = sumologic.O365AuditSource("azuread_audit",
name="o365-azuread-audit",
description="O365 Azure AD Audit Logs",
category="o365/azuread",
collector_id=o365_collector["id"],
third_party_ref={
"resources": {
"service_type": "O365AuditNotification",
"path": {
"type": "O365NotificationPath",
"workload": "Audit.AzureActiveDirectory",
"region": "GCC High",
},
"authentication": {
"type": "O365AppRegistrationAuthentication",
"tenant_id": o365_tenant_id,
"client_id": o365_client_id,
"client_secret": o365_client_secret,
},
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sumologic/v3/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sumologic.NewO365AuditSource(ctx, "azuread_audit", &sumologic.O365AuditSourceArgs{
Name: pulumi.String("o365-azuread-audit"),
Description: pulumi.String("O365 Azure AD Audit Logs"),
Category: pulumi.String("o365/azuread"),
CollectorId: pulumi.Any(o365Collector.Id),
ThirdPartyRef: &sumologic.O365AuditSourceThirdPartyRefArgs{
Resources: &sumologic.O365AuditSourceThirdPartyRefResourcesArgs{
ServiceType: pulumi.String("O365AuditNotification"),
Path: &sumologic.O365AuditSourceThirdPartyRefResourcesPathArgs{
Type: pulumi.String("O365NotificationPath"),
Workload: pulumi.String("Audit.AzureActiveDirectory"),
Region: pulumi.String("GCC High"),
},
Authentication: &sumologic.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs{
Type: pulumi.String("O365AppRegistrationAuthentication"),
TenantId: pulumi.Any(o365TenantId),
ClientId: pulumi.Any(o365ClientId),
ClientSecret: pulumi.Any(o365ClientSecret),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sumologic = Pulumi.Sumologic;
return await Deployment.RunAsync(() =>
{
var azureadAudit = new Sumologic.O365AuditSource("azuread_audit", new()
{
Name = "o365-azuread-audit",
Description = "O365 Azure AD Audit Logs",
Category = "o365/azuread",
CollectorId = o365Collector.Id,
ThirdPartyRef = new Sumologic.Inputs.O365AuditSourceThirdPartyRefArgs
{
Resources = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesArgs
{
ServiceType = "O365AuditNotification",
Path = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesPathArgs
{
Type = "O365NotificationPath",
Workload = "Audit.AzureActiveDirectory",
Region = "GCC High",
},
Authentication = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs
{
Type = "O365AppRegistrationAuthentication",
TenantId = o365TenantId,
ClientId = o365ClientId,
ClientSecret = o365ClientSecret,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.O365AuditSource;
import com.pulumi.sumologic.O365AuditSourceArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesPathArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureadAudit = new O365AuditSource("azureadAudit", O365AuditSourceArgs.builder()
.name("o365-azuread-audit")
.description("O365 Azure AD Audit Logs")
.category("o365/azuread")
.collectorId(o365Collector.id())
.thirdPartyRef(O365AuditSourceThirdPartyRefArgs.builder()
.resources(O365AuditSourceThirdPartyRefResourcesArgs.builder()
.serviceType("O365AuditNotification")
.path(O365AuditSourceThirdPartyRefResourcesPathArgs.builder()
.type("O365NotificationPath")
.workload("Audit.AzureActiveDirectory")
.region("GCC High")
.build())
.authentication(O365AuditSourceThirdPartyRefResourcesAuthenticationArgs.builder()
.type("O365AppRegistrationAuthentication")
.tenantId(o365TenantId)
.clientId(o365ClientId)
.clientSecret(o365ClientSecret)
.build())
.build())
.build())
.build());
}
}
resources:
azureadAudit:
type: sumologic:O365AuditSource
name: azuread_audit
properties:
name: o365-azuread-audit
description: O365 Azure AD Audit Logs
category: o365/azuread
collectorId: ${o365Collector.id}
thirdPartyRef:
resources:
serviceType: O365AuditNotification
path:
type: O365NotificationPath
workload: Audit.AzureActiveDirectory
region: GCC High
authentication:
type: O365AppRegistrationAuthentication
tenantId: ${o365TenantId}
clientId: ${o365ClientId}
clientSecret: ${o365ClientSecret}
O365 DLP Source
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const dlpLogs = new sumologic.O365AuditSource("dlp_logs", {
name: "o365-dlp-logs",
description: "O365 Data Loss Prevention Logs",
category: "o365/dlp",
collectorId: o365Collector.id,
thirdPartyRef: {
resources: {
serviceType: "O365AuditNotification",
path: {
type: "O365NotificationPath",
workload: "DLP.All",
region: "Commercial",
},
authentication: {
type: "O365AppRegistrationAuthentication",
tenantId: o365TenantId,
clientId: o365ClientId,
clientSecret: o365ClientSecret,
},
},
},
});
import pulumi
import pulumi_sumologic as sumologic
dlp_logs = sumologic.O365AuditSource("dlp_logs",
name="o365-dlp-logs",
description="O365 Data Loss Prevention Logs",
category="o365/dlp",
collector_id=o365_collector["id"],
third_party_ref={
"resources": {
"service_type": "O365AuditNotification",
"path": {
"type": "O365NotificationPath",
"workload": "DLP.All",
"region": "Commercial",
},
"authentication": {
"type": "O365AppRegistrationAuthentication",
"tenant_id": o365_tenant_id,
"client_id": o365_client_id,
"client_secret": o365_client_secret,
},
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sumologic/v3/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sumologic.NewO365AuditSource(ctx, "dlp_logs", &sumologic.O365AuditSourceArgs{
Name: pulumi.String("o365-dlp-logs"),
Description: pulumi.String("O365 Data Loss Prevention Logs"),
Category: pulumi.String("o365/dlp"),
CollectorId: pulumi.Any(o365Collector.Id),
ThirdPartyRef: &sumologic.O365AuditSourceThirdPartyRefArgs{
Resources: &sumologic.O365AuditSourceThirdPartyRefResourcesArgs{
ServiceType: pulumi.String("O365AuditNotification"),
Path: &sumologic.O365AuditSourceThirdPartyRefResourcesPathArgs{
Type: pulumi.String("O365NotificationPath"),
Workload: pulumi.String("DLP.All"),
Region: pulumi.String("Commercial"),
},
Authentication: &sumologic.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs{
Type: pulumi.String("O365AppRegistrationAuthentication"),
TenantId: pulumi.Any(o365TenantId),
ClientId: pulumi.Any(o365ClientId),
ClientSecret: pulumi.Any(o365ClientSecret),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sumologic = Pulumi.Sumologic;
return await Deployment.RunAsync(() =>
{
var dlpLogs = new Sumologic.O365AuditSource("dlp_logs", new()
{
Name = "o365-dlp-logs",
Description = "O365 Data Loss Prevention Logs",
Category = "o365/dlp",
CollectorId = o365Collector.Id,
ThirdPartyRef = new Sumologic.Inputs.O365AuditSourceThirdPartyRefArgs
{
Resources = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesArgs
{
ServiceType = "O365AuditNotification",
Path = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesPathArgs
{
Type = "O365NotificationPath",
Workload = "DLP.All",
Region = "Commercial",
},
Authentication = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs
{
Type = "O365AppRegistrationAuthentication",
TenantId = o365TenantId,
ClientId = o365ClientId,
ClientSecret = o365ClientSecret,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.O365AuditSource;
import com.pulumi.sumologic.O365AuditSourceArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesPathArgs;
import com.pulumi.sumologic.inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var dlpLogs = new O365AuditSource("dlpLogs", O365AuditSourceArgs.builder()
.name("o365-dlp-logs")
.description("O365 Data Loss Prevention Logs")
.category("o365/dlp")
.collectorId(o365Collector.id())
.thirdPartyRef(O365AuditSourceThirdPartyRefArgs.builder()
.resources(O365AuditSourceThirdPartyRefResourcesArgs.builder()
.serviceType("O365AuditNotification")
.path(O365AuditSourceThirdPartyRefResourcesPathArgs.builder()
.type("O365NotificationPath")
.workload("DLP.All")
.region("Commercial")
.build())
.authentication(O365AuditSourceThirdPartyRefResourcesAuthenticationArgs.builder()
.type("O365AppRegistrationAuthentication")
.tenantId(o365TenantId)
.clientId(o365ClientId)
.clientSecret(o365ClientSecret)
.build())
.build())
.build())
.build());
}
}
resources:
dlpLogs:
type: sumologic:O365AuditSource
name: dlp_logs
properties:
name: o365-dlp-logs
description: O365 Data Loss Prevention Logs
category: o365/dlp
collectorId: ${o365Collector.id}
thirdPartyRef:
resources:
serviceType: O365AuditNotification
path:
type: O365NotificationPath
workload: DLP.All
region: Commercial
authentication:
type: O365AppRegistrationAuthentication
tenantId: ${o365TenantId}
clientId: ${o365ClientId}
clientSecret: ${o365ClientSecret}
Prerequisites
Before creating an O365 Audit source, you need to:
- Register an Azure AD Application in your Office 365 tenant
- Configure API Permissions for the Office 365 Management APIs:
ActivityFeed.Read- Read activity data for your organizationActivityFeed.ReadDlp- Read DLP policy events including detected sensitive data
- Create a Client Secret for the application
- Grant Admin Consent for the permissions
For detailed setup instructions, see the Office 365 Management Activity API documentation.
Notes
- Each workload type requires a separate source configuration.
- Make sure your Azure AD application has been granted admin consent before creating the source.
- The source will automatically subscribe to the specified Office 365 audit log content type.
Create O365AuditSource Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new O365AuditSource(name: string, args: O365AuditSourceArgs, opts?: CustomResourceOptions);@overload
def O365AuditSource(resource_name: str,
args: O365AuditSourceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def O365AuditSource(resource_name: str,
opts: Optional[ResourceOptions] = None,
collector_id: Optional[float] = None,
third_party_ref: Optional[O365AuditSourceThirdPartyRefArgs] = None,
hash_algorithm: Optional[str] = None,
host_name: Optional[str] = None,
cutoff_timestamp: Optional[float] = None,
default_date_formats: Optional[Sequence[O365AuditSourceDefaultDateFormatArgs]] = None,
description: Optional[str] = None,
fields: Optional[Mapping[str, str]] = None,
filters: Optional[Sequence[O365AuditSourceFilterArgs]] = None,
force_timezone: Optional[bool] = None,
automatic_date_parsing: Optional[bool] = None,
cutoff_relative_time: Optional[str] = None,
manual_prefix_regexp: Optional[str] = None,
message_per_request: Optional[bool] = None,
multiline_processing_enabled: Optional[bool] = None,
name: Optional[str] = None,
o365_audit_source_id: Optional[str] = None,
category: Optional[str] = None,
timezone: Optional[str] = None,
use_autoline_matching: Optional[bool] = None)func NewO365AuditSource(ctx *Context, name string, args O365AuditSourceArgs, opts ...ResourceOption) (*O365AuditSource, error)public O365AuditSource(string name, O365AuditSourceArgs args, CustomResourceOptions? opts = null)
public O365AuditSource(String name, O365AuditSourceArgs args)
public O365AuditSource(String name, O365AuditSourceArgs args, CustomResourceOptions options)
type: sumologic:O365AuditSource
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args O365AuditSourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args O365AuditSourceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args O365AuditSourceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args O365AuditSourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args O365AuditSourceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var o365auditSourceResource = new Sumologic.Index.O365AuditSource("o365auditSourceResource", new()
{
CollectorId = 0,
ThirdPartyRef = new Sumologic.Inputs.O365AuditSourceThirdPartyRefArgs
{
Resources = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesArgs
{
Authentication = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs
{
ClientId = "string",
ClientSecret = "string",
TenantId = "string",
Type = "string",
},
Path = new Sumologic.Inputs.O365AuditSourceThirdPartyRefResourcesPathArgs
{
Region = "string",
Type = "string",
Workload = "string",
},
ServiceType = "string",
},
},
HashAlgorithm = "string",
HostName = "string",
CutoffTimestamp = 0,
DefaultDateFormats = new[]
{
new Sumologic.Inputs.O365AuditSourceDefaultDateFormatArgs
{
Format = "string",
Locator = "string",
},
},
Description = "string",
Fields =
{
{ "string", "string" },
},
Filters = new[]
{
new Sumologic.Inputs.O365AuditSourceFilterArgs
{
FilterType = "string",
Name = "string",
Regexp = "string",
Mask = "string",
},
},
ForceTimezone = false,
AutomaticDateParsing = false,
CutoffRelativeTime = "string",
ManualPrefixRegexp = "string",
MessagePerRequest = false,
MultilineProcessingEnabled = false,
Name = "string",
O365AuditSourceId = "string",
Category = "string",
Timezone = "string",
UseAutolineMatching = false,
});
example, err := sumologic.NewO365AuditSource(ctx, "o365auditSourceResource", &sumologic.O365AuditSourceArgs{
CollectorId: pulumi.Float64(0),
ThirdPartyRef: &sumologic.O365AuditSourceThirdPartyRefArgs{
Resources: &sumologic.O365AuditSourceThirdPartyRefResourcesArgs{
Authentication: &sumologic.O365AuditSourceThirdPartyRefResourcesAuthenticationArgs{
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
TenantId: pulumi.String("string"),
Type: pulumi.String("string"),
},
Path: &sumologic.O365AuditSourceThirdPartyRefResourcesPathArgs{
Region: pulumi.String("string"),
Type: pulumi.String("string"),
Workload: pulumi.String("string"),
},
ServiceType: pulumi.String("string"),
},
},
HashAlgorithm: pulumi.String("string"),
HostName: pulumi.String("string"),
CutoffTimestamp: pulumi.Float64(0),
DefaultDateFormats: sumologic.O365AuditSourceDefaultDateFormatArray{
&sumologic.O365AuditSourceDefaultDateFormatArgs{
Format: pulumi.String("string"),
Locator: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Fields: pulumi.StringMap{
"string": pulumi.String("string"),
},
Filters: sumologic.O365AuditSourceFilterArray{
&sumologic.O365AuditSourceFilterArgs{
FilterType: pulumi.String("string"),
Name: pulumi.String("string"),
Regexp: pulumi.String("string"),
Mask: pulumi.String("string"),
},
},
ForceTimezone: pulumi.Bool(false),
AutomaticDateParsing: pulumi.Bool(false),
CutoffRelativeTime: pulumi.String("string"),
ManualPrefixRegexp: pulumi.String("string"),
MessagePerRequest: pulumi.Bool(false),
MultilineProcessingEnabled: pulumi.Bool(false),
Name: pulumi.String("string"),
O365AuditSourceId: pulumi.String("string"),
Category: pulumi.String("string"),
Timezone: pulumi.String("string"),
UseAutolineMatching: pulumi.Bool(false),
})
var o365auditSourceResource = new O365AuditSource("o365auditSourceResource", O365AuditSourceArgs.builder()
.collectorId(0.0)
.thirdPartyRef(O365AuditSourceThirdPartyRefArgs.builder()
.resources(O365AuditSourceThirdPartyRefResourcesArgs.builder()
.authentication(O365AuditSourceThirdPartyRefResourcesAuthenticationArgs.builder()
.clientId("string")
.clientSecret("string")
.tenantId("string")
.type("string")
.build())
.path(O365AuditSourceThirdPartyRefResourcesPathArgs.builder()
.region("string")
.type("string")
.workload("string")
.build())
.serviceType("string")
.build())
.build())
.hashAlgorithm("string")
.hostName("string")
.cutoffTimestamp(0.0)
.defaultDateFormats(O365AuditSourceDefaultDateFormatArgs.builder()
.format("string")
.locator("string")
.build())
.description("string")
.fields(Map.of("string", "string"))
.filters(O365AuditSourceFilterArgs.builder()
.filterType("string")
.name("string")
.regexp("string")
.mask("string")
.build())
.forceTimezone(false)
.automaticDateParsing(false)
.cutoffRelativeTime("string")
.manualPrefixRegexp("string")
.messagePerRequest(false)
.multilineProcessingEnabled(false)
.name("string")
.o365AuditSourceId("string")
.category("string")
.timezone("string")
.useAutolineMatching(false)
.build());
o365audit_source_resource = sumologic.O365AuditSource("o365auditSourceResource",
collector_id=0,
third_party_ref={
"resources": {
"authentication": {
"client_id": "string",
"client_secret": "string",
"tenant_id": "string",
"type": "string",
},
"path": {
"region": "string",
"type": "string",
"workload": "string",
},
"service_type": "string",
},
},
hash_algorithm="string",
host_name="string",
cutoff_timestamp=0,
default_date_formats=[{
"format": "string",
"locator": "string",
}],
description="string",
fields={
"string": "string",
},
filters=[{
"filter_type": "string",
"name": "string",
"regexp": "string",
"mask": "string",
}],
force_timezone=False,
automatic_date_parsing=False,
cutoff_relative_time="string",
manual_prefix_regexp="string",
message_per_request=False,
multiline_processing_enabled=False,
name="string",
o365_audit_source_id="string",
category="string",
timezone="string",
use_autoline_matching=False)
const o365auditSourceResource = new sumologic.O365AuditSource("o365auditSourceResource", {
collectorId: 0,
thirdPartyRef: {
resources: {
authentication: {
clientId: "string",
clientSecret: "string",
tenantId: "string",
type: "string",
},
path: {
region: "string",
type: "string",
workload: "string",
},
serviceType: "string",
},
},
hashAlgorithm: "string",
hostName: "string",
cutoffTimestamp: 0,
defaultDateFormats: [{
format: "string",
locator: "string",
}],
description: "string",
fields: {
string: "string",
},
filters: [{
filterType: "string",
name: "string",
regexp: "string",
mask: "string",
}],
forceTimezone: false,
automaticDateParsing: false,
cutoffRelativeTime: "string",
manualPrefixRegexp: "string",
messagePerRequest: false,
multilineProcessingEnabled: false,
name: "string",
o365AuditSourceId: "string",
category: "string",
timezone: "string",
useAutolineMatching: false,
});
type: sumologic:O365AuditSource
properties:
automaticDateParsing: false
category: string
collectorId: 0
cutoffRelativeTime: string
cutoffTimestamp: 0
defaultDateFormats:
- format: string
locator: string
description: string
fields:
string: string
filters:
- filterType: string
mask: string
name: string
regexp: string
forceTimezone: false
hashAlgorithm: string
hostName: string
manualPrefixRegexp: string
messagePerRequest: false
multilineProcessingEnabled: false
name: string
o365AuditSourceId: string
thirdPartyRef:
resources:
authentication:
clientId: string
clientSecret: string
tenantId: string
type: string
path:
region: string
type: string
workload: string
serviceType: string
timezone: string
useAutolineMatching: false
O365AuditSource Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The O365AuditSource resource accepts the following input properties:
- Collector
Id double - Third
Party O365AuditRef Source Third Party Ref - Configuration block for O365 third-party reference.
- Automatic
Date boolParsing - Category string
- Cutoff
Relative stringTime - Cutoff
Timestamp double - Default
Date List<O365AuditFormats Source Default Date Format> - Description string
- Fields Dictionary<string, string>
- Filters
List<O365Audit
Source Filter> - Force
Timezone bool - Hash
Algorithm string - Host
Name string - Manual
Prefix stringRegexp - Message
Per boolRequest - Multiline
Processing boolEnabled - Name string
- O365Audit
Source stringId - The internal ID of the source.
- Timezone string
- Use
Autoline boolMatching
- Collector
Id float64 - Third
Party O365AuditRef Source Third Party Ref Args - Configuration block for O365 third-party reference.
- Automatic
Date boolParsing - Category string
- Cutoff
Relative stringTime - Cutoff
Timestamp float64 - Default
Date []O365AuditFormats Source Default Date Format Args - Description string
- Fields map[string]string
- Filters
[]O365Audit
Source Filter Args - Force
Timezone bool - Hash
Algorithm string - Host
Name string - Manual
Prefix stringRegexp - Message
Per boolRequest - Multiline
Processing boolEnabled - Name string
- O365Audit
Source stringId - The internal ID of the source.
- Timezone string
- Use
Autoline boolMatching
- collector
Id Double - third
Party O365AuditRef Source Third Party Ref - Configuration block for O365 third-party reference.
- automatic
Date BooleanParsing - category String
- cutoff
Relative StringTime - cutoff
Timestamp Double - default
Date List<O365AuditFormats Source Default Date Format> - description String
- fields Map<String,String>
- filters
List<O365Audit
Source Filter> - force
Timezone Boolean - hash
Algorithm String - host
Name String - manual
Prefix StringRegexp - message
Per BooleanRequest - multiline
Processing BooleanEnabled - name String
- o365Audit
Source StringId - The internal ID of the source.
- timezone String
- use
Autoline BooleanMatching
- collector
Id number - third
Party O365AuditRef Source Third Party Ref - Configuration block for O365 third-party reference.
- automatic
Date booleanParsing - category string
- cutoff
Relative stringTime - cutoff
Timestamp number - default
Date O365AuditFormats Source Default Date Format[] - description string
- fields {[key: string]: string}
- filters
O365Audit
Source Filter[] - force
Timezone boolean - hash
Algorithm string - host
Name string - manual
Prefix stringRegexp - message
Per booleanRequest - multiline
Processing booleanEnabled - name string
- o365Audit
Source stringId - The internal ID of the source.
- timezone string
- use
Autoline booleanMatching
- collector_
id float - third_
party_ O365Auditref Source Third Party Ref Args - Configuration block for O365 third-party reference.
- automatic_
date_ boolparsing - category str
- cutoff_
relative_ strtime - cutoff_
timestamp float - default_
date_ Sequence[O365Auditformats Source Default Date Format Args] - description str
- fields Mapping[str, str]
- filters
Sequence[O365Audit
Source Filter Args] - force_
timezone bool - hash_
algorithm str - host_
name str - manual_
prefix_ strregexp - message_
per_ boolrequest - multiline_
processing_ boolenabled - name str
- o365_
audit_ strsource_ id - The internal ID of the source.
- timezone str
- use_
autoline_ boolmatching
- collector
Id Number - third
Party Property MapRef - Configuration block for O365 third-party reference.
- automatic
Date BooleanParsing - category String
- cutoff
Relative StringTime - cutoff
Timestamp Number - default
Date List<Property Map>Formats - description String
- fields Map<String>
- filters List<Property Map>
- force
Timezone Boolean - hash
Algorithm String - host
Name String - manual
Prefix StringRegexp - message
Per BooleanRequest - multiline
Processing BooleanEnabled - name String
- o365Audit
Source StringId - The internal ID of the source.
- timezone String
- use
Autoline BooleanMatching
Outputs
All input properties are implicitly available as output properties. Additionally, the O365AuditSource resource produces the following output properties:
- Content
Type string - Id string
- The provider-assigned unique ID for this managed resource.
- Url string
- The HTTP endpoint to use for receiving O365 audit notifications.
- Content
Type string - Id string
- The provider-assigned unique ID for this managed resource.
- Url string
- The HTTP endpoint to use for receiving O365 audit notifications.
- content
Type String - id String
- The provider-assigned unique ID for this managed resource.
- url String
- The HTTP endpoint to use for receiving O365 audit notifications.
- content
Type string - id string
- The provider-assigned unique ID for this managed resource.
- url string
- The HTTP endpoint to use for receiving O365 audit notifications.
- content_
type str - id str
- The provider-assigned unique ID for this managed resource.
- url str
- The HTTP endpoint to use for receiving O365 audit notifications.
- content
Type String - id String
- The provider-assigned unique ID for this managed resource.
- url String
- The HTTP endpoint to use for receiving O365 audit notifications.
Look up Existing O365AuditSource Resource
Get an existing O365AuditSource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: O365AuditSourceState, opts?: CustomResourceOptions): O365AuditSource@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
automatic_date_parsing: Optional[bool] = None,
category: Optional[str] = None,
collector_id: Optional[float] = None,
content_type: Optional[str] = None,
cutoff_relative_time: Optional[str] = None,
cutoff_timestamp: Optional[float] = None,
default_date_formats: Optional[Sequence[O365AuditSourceDefaultDateFormatArgs]] = None,
description: Optional[str] = None,
fields: Optional[Mapping[str, str]] = None,
filters: Optional[Sequence[O365AuditSourceFilterArgs]] = None,
force_timezone: Optional[bool] = None,
hash_algorithm: Optional[str] = None,
host_name: Optional[str] = None,
manual_prefix_regexp: Optional[str] = None,
message_per_request: Optional[bool] = None,
multiline_processing_enabled: Optional[bool] = None,
name: Optional[str] = None,
o365_audit_source_id: Optional[str] = None,
third_party_ref: Optional[O365AuditSourceThirdPartyRefArgs] = None,
timezone: Optional[str] = None,
url: Optional[str] = None,
use_autoline_matching: Optional[bool] = None) -> O365AuditSourcefunc GetO365AuditSource(ctx *Context, name string, id IDInput, state *O365AuditSourceState, opts ...ResourceOption) (*O365AuditSource, error)public static O365AuditSource Get(string name, Input<string> id, O365AuditSourceState? state, CustomResourceOptions? opts = null)public static O365AuditSource get(String name, Output<String> id, O365AuditSourceState state, CustomResourceOptions options)resources: _: type: sumologic:O365AuditSource get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Automatic
Date boolParsing - Category string
- Collector
Id double - Content
Type string - Cutoff
Relative stringTime - Cutoff
Timestamp double - Default
Date List<O365AuditFormats Source Default Date Format> - Description string
- Fields Dictionary<string, string>
- Filters
List<O365Audit
Source Filter> - Force
Timezone bool - Hash
Algorithm string - Host
Name string - Manual
Prefix stringRegexp - Message
Per boolRequest - Multiline
Processing boolEnabled - Name string
- O365Audit
Source stringId - The internal ID of the source.
- Third
Party O365AuditRef Source Third Party Ref - Configuration block for O365 third-party reference.
- Timezone string
- Url string
- The HTTP endpoint to use for receiving O365 audit notifications.
- Use
Autoline boolMatching
- Automatic
Date boolParsing - Category string
- Collector
Id float64 - Content
Type string - Cutoff
Relative stringTime - Cutoff
Timestamp float64 - Default
Date []O365AuditFormats Source Default Date Format Args - Description string
- Fields map[string]string
- Filters
[]O365Audit
Source Filter Args - Force
Timezone bool - Hash
Algorithm string - Host
Name string - Manual
Prefix stringRegexp - Message
Per boolRequest - Multiline
Processing boolEnabled - Name string
- O365Audit
Source stringId - The internal ID of the source.
- Third
Party O365AuditRef Source Third Party Ref Args - Configuration block for O365 third-party reference.
- Timezone string
- Url string
- The HTTP endpoint to use for receiving O365 audit notifications.
- Use
Autoline boolMatching
- automatic
Date BooleanParsing - category String
- collector
Id Double - content
Type String - cutoff
Relative StringTime - cutoff
Timestamp Double - default
Date List<O365AuditFormats Source Default Date Format> - description String
- fields Map<String,String>
- filters
List<O365Audit
Source Filter> - force
Timezone Boolean - hash
Algorithm String - host
Name String - manual
Prefix StringRegexp - message
Per BooleanRequest - multiline
Processing BooleanEnabled - name String
- o365Audit
Source StringId - The internal ID of the source.
- third
Party O365AuditRef Source Third Party Ref - Configuration block for O365 third-party reference.
- timezone String
- url String
- The HTTP endpoint to use for receiving O365 audit notifications.
- use
Autoline BooleanMatching
- automatic
Date booleanParsing - category string
- collector
Id number - content
Type string - cutoff
Relative stringTime - cutoff
Timestamp number - default
Date O365AuditFormats Source Default Date Format[] - description string
- fields {[key: string]: string}
- filters
O365Audit
Source Filter[] - force
Timezone boolean - hash
Algorithm string - host
Name string - manual
Prefix stringRegexp - message
Per booleanRequest - multiline
Processing booleanEnabled - name string
- o365Audit
Source stringId - The internal ID of the source.
- third
Party O365AuditRef Source Third Party Ref - Configuration block for O365 third-party reference.
- timezone string
- url string
- The HTTP endpoint to use for receiving O365 audit notifications.
- use
Autoline booleanMatching
- automatic_
date_ boolparsing - category str
- collector_
id float - content_
type str - cutoff_
relative_ strtime - cutoff_
timestamp float - default_
date_ Sequence[O365Auditformats Source Default Date Format Args] - description str
- fields Mapping[str, str]
- filters
Sequence[O365Audit
Source Filter Args] - force_
timezone bool - hash_
algorithm str - host_
name str - manual_
prefix_ strregexp - message_
per_ boolrequest - multiline_
processing_ boolenabled - name str
- o365_
audit_ strsource_ id - The internal ID of the source.
- third_
party_ O365Auditref Source Third Party Ref Args - Configuration block for O365 third-party reference.
- timezone str
- url str
- The HTTP endpoint to use for receiving O365 audit notifications.
- use_
autoline_ boolmatching
- automatic
Date BooleanParsing - category String
- collector
Id Number - content
Type String - cutoff
Relative StringTime - cutoff
Timestamp Number - default
Date List<Property Map>Formats - description String
- fields Map<String>
- filters List<Property Map>
- force
Timezone Boolean - hash
Algorithm String - host
Name String - manual
Prefix StringRegexp - message
Per BooleanRequest - multiline
Processing BooleanEnabled - name String
- o365Audit
Source StringId - The internal ID of the source.
- third
Party Property MapRef - Configuration block for O365 third-party reference.
- timezone String
- url String
- The HTTP endpoint to use for receiving O365 audit notifications.
- use
Autoline BooleanMatching
Supporting Types
O365AuditSourceDefaultDateFormat, O365AuditSourceDefaultDateFormatArgs
O365AuditSourceFilter, O365AuditSourceFilterArgs
- Filter
Type string - Name string
- Regexp string
- Mask string
- Filter
Type string - Name string
- Regexp string
- Mask string
- filter
Type String - name String
- regexp String
- mask String
- filter
Type string - name string
- regexp string
- mask string
- filter_
type str - name str
- regexp str
- mask str
- filter
Type String - name String
- regexp String
- mask String
O365AuditSourceThirdPartyRef, O365AuditSourceThirdPartyRefArgs
- Resources
O365Audit
Source Third Party Ref Resources - List of resource configurations. Currently, only one resource is supported.
- Resources
O365Audit
Source Third Party Ref Resources - List of resource configurations. Currently, only one resource is supported.
- resources
O365Audit
Source Third Party Ref Resources - List of resource configurations. Currently, only one resource is supported.
- resources
O365Audit
Source Third Party Ref Resources - List of resource configurations. Currently, only one resource is supported.
- resources
O365Audit
Source Third Party Ref Resources - List of resource configurations. Currently, only one resource is supported.
- resources Property Map
- List of resource configurations. Currently, only one resource is supported.
O365AuditSourceThirdPartyRefResources, O365AuditSourceThirdPartyRefResourcesArgs
- Authentication
O365Audit
Source Third Party Ref Resources Authentication - Configuration block for O365 app registration authentication.
- Path
O365Audit
Source Third Party Ref Resources Path - Configuration block for the O365 notification path.
- Service
Type string - The service type. Must be
O365AuditNotification.
- Authentication
O365Audit
Source Third Party Ref Resources Authentication - Configuration block for O365 app registration authentication.
- Path
O365Audit
Source Third Party Ref Resources Path - Configuration block for the O365 notification path.
- Service
Type string - The service type. Must be
O365AuditNotification.
- authentication
O365Audit
Source Third Party Ref Resources Authentication - Configuration block for O365 app registration authentication.
- path
O365Audit
Source Third Party Ref Resources Path - Configuration block for the O365 notification path.
- service
Type String - The service type. Must be
O365AuditNotification.
- authentication
O365Audit
Source Third Party Ref Resources Authentication - Configuration block for O365 app registration authentication.
- path
O365Audit
Source Third Party Ref Resources Path - Configuration block for the O365 notification path.
- service
Type string - The service type. Must be
O365AuditNotification.
- authentication
O365Audit
Source Third Party Ref Resources Authentication - Configuration block for O365 app registration authentication.
- path
O365Audit
Source Third Party Ref Resources Path - Configuration block for the O365 notification path.
- service_
type str - The service type. Must be
O365AuditNotification.
- authentication Property Map
- Configuration block for O365 app registration authentication.
- path Property Map
- Configuration block for the O365 notification path.
- service
Type String - The service type. Must be
O365AuditNotification.
O365AuditSourceThirdPartyRefResourcesAuthentication, O365AuditSourceThirdPartyRefResourcesAuthenticationArgs
- Client
Id string - The Azure AD application (client) ID.
- Client
Secret string - The Azure AD client secret value. This is marked as sensitive.
- Tenant
Id string - The Azure AD tenant ID (directory ID).
- Type string
- The authentication type. Must be
O365AppRegistrationAuthentication.
- Client
Id string - The Azure AD application (client) ID.
- Client
Secret string - The Azure AD client secret value. This is marked as sensitive.
- Tenant
Id string - The Azure AD tenant ID (directory ID).
- Type string
- The authentication type. Must be
O365AppRegistrationAuthentication.
- client
Id String - The Azure AD application (client) ID.
- client
Secret String - The Azure AD client secret value. This is marked as sensitive.
- tenant
Id String - The Azure AD tenant ID (directory ID).
- type String
- The authentication type. Must be
O365AppRegistrationAuthentication.
- client
Id string - The Azure AD application (client) ID.
- client
Secret string - The Azure AD client secret value. This is marked as sensitive.
- tenant
Id string - The Azure AD tenant ID (directory ID).
- type string
- The authentication type. Must be
O365AppRegistrationAuthentication.
- client_
id str - The Azure AD application (client) ID.
- client_
secret str - The Azure AD client secret value. This is marked as sensitive.
- tenant_
id str - The Azure AD tenant ID (directory ID).
- type str
- The authentication type. Must be
O365AppRegistrationAuthentication.
- client
Id String - The Azure AD application (client) ID.
- client
Secret String - The Azure AD client secret value. This is marked as sensitive.
- tenant
Id String - The Azure AD tenant ID (directory ID).
- type String
- The authentication type. Must be
O365AppRegistrationAuthentication.
O365AuditSourceThirdPartyRefResourcesPath, O365AuditSourceThirdPartyRefResourcesPathArgs
- Region string
- The Office 365 deployment region. Valid values are:
Commercial- Commercial cloud (default)GCC- Government Community CloudGCC High- Government Community Cloud High
- Type string
- The path type. Must be
O365NotificationPath. - Workload string
- The Office 365 workload to collect audit logs from. Valid values are:
Audit.Exchange- Exchange audit logsAudit.AzureActiveDirectory- Azure Active Directory audit logsAudit.SharePoint- SharePoint audit logsAudit.General- General audit logsDLP.All- Data Loss Prevention logs
- Region string
- The Office 365 deployment region. Valid values are:
Commercial- Commercial cloud (default)GCC- Government Community CloudGCC High- Government Community Cloud High
- Type string
- The path type. Must be
O365NotificationPath. - Workload string
- The Office 365 workload to collect audit logs from. Valid values are:
Audit.Exchange- Exchange audit logsAudit.AzureActiveDirectory- Azure Active Directory audit logsAudit.SharePoint- SharePoint audit logsAudit.General- General audit logsDLP.All- Data Loss Prevention logs
- region String
- The Office 365 deployment region. Valid values are:
Commercial- Commercial cloud (default)GCC- Government Community CloudGCC High- Government Community Cloud High
- type String
- The path type. Must be
O365NotificationPath. - workload String
- The Office 365 workload to collect audit logs from. Valid values are:
Audit.Exchange- Exchange audit logsAudit.AzureActiveDirectory- Azure Active Directory audit logsAudit.SharePoint- SharePoint audit logsAudit.General- General audit logsDLP.All- Data Loss Prevention logs
- region string
- The Office 365 deployment region. Valid values are:
Commercial- Commercial cloud (default)GCC- Government Community CloudGCC High- Government Community Cloud High
- type string
- The path type. Must be
O365NotificationPath. - workload string
- The Office 365 workload to collect audit logs from. Valid values are:
Audit.Exchange- Exchange audit logsAudit.AzureActiveDirectory- Azure Active Directory audit logsAudit.SharePoint- SharePoint audit logsAudit.General- General audit logsDLP.All- Data Loss Prevention logs
- region str
- The Office 365 deployment region. Valid values are:
Commercial- Commercial cloud (default)GCC- Government Community CloudGCC High- Government Community Cloud High
- type str
- The path type. Must be
O365NotificationPath. - workload str
- The Office 365 workload to collect audit logs from. Valid values are:
Audit.Exchange- Exchange audit logsAudit.AzureActiveDirectory- Azure Active Directory audit logsAudit.SharePoint- SharePoint audit logsAudit.General- General audit logsDLP.All- Data Loss Prevention logs
- region String
- The Office 365 deployment region. Valid values are:
Commercial- Commercial cloud (default)GCC- Government Community CloudGCC High- Government Community Cloud High
- type String
- The path type. Must be
O365NotificationPath. - workload String
- The Office 365 workload to collect audit logs from. Valid values are:
Audit.Exchange- Exchange audit logsAudit.AzureActiveDirectory- Azure Active Directory audit logsAudit.SharePoint- SharePoint audit logsAudit.General- General audit logsDLP.All- Data Loss Prevention logs
Import
O365 Audit sources can be imported using the collector and source IDs (collector/source), e.g.:
hcl
$ pulumi import sumologic:index/o365AuditSource:O365AuditSource exchange_audit 123/456
O365 Audit sources can be imported using the collector name and source name (collectorName/sourceName), e.g.:
hcl
$ pulumi import sumologic:index/o365AuditSource:O365AuditSource exchange_audit my-o365-collector/my-exchange-source
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Sumo Logic sumologic/terraform-provider-sumologic
- License
- Notes
- This Pulumi package is based on the
sumologicTerraform Provider.
Viewing docs for sumologic 3.2.5
published on Thursday, Mar 26, 2026 by sumologic
published on Thursday, Mar 26, 2026 by sumologic
