Today we released the next phase of our Threat Intelligence monitoring features at Office365Mon.Com. Office 365 monitoring has been a staple of ours at Office365Mon.Com for a number of years now, and recently we’ve expanded it to take advantage of the new Threat Intelligence capabilities provided to Office 365 E5 license holders. Our initial offering included support for threats that were delivered via email to Office 365 customers.
As explained in our initial blog post here: https://samlman.wordpress.com/2017/12/04/stay-informed-with-new-malware-monitoring-from-office365mon-com/, the Threat Intelligence monitoring we’ve launched already allows you to do things like get notified the first time a new malware is sent to your organization, when you get more than a certain number of malware within a given time period, and when any user gets more than a certain number of malware in any given day. All of that monitoring and alerting has been based on malware that arrives via email. Today, we’re adding support for monitoring malware threats in SharePoint and OneDrive for Business. By adding these additional services, you can be assured that when your monitoring Office 365, you’ll also be kept aware of when and where malware shows up in virtually all of the primary repositories in your Office 365 tenant.
In addition to the notification options described above, we’ve added a new one one that’s designed specifically for SharePoint and OneDrive for Business – alerting you when any individual user uploads and/or shares an excessive number of malware infected files in any given day. You decide what an “excessive” number is, and we do the rest. As always, configuration is incredibly simple for these features, as shown here:
Every time any user uploads an excessive number of items, you’ll be given a notification along with details around who is responsible. That allows you to take quick action in case one of your users’ devices has been compromised or they are otherwise unaware that they have pushed malware infected items into your Office 365 tenant. You’ll get the information you need to focus your efforts on the individuals who are having the most difficulties so you can lock things down and disinfect their devices.
We’ve also rolled this data into several of our existing Threat Intelligence monitoring reports, as well as adding some new ones too. Here’s a look at all of the Threat Intelligence related reports in our Advanced Report gallery; the one’s highlighted in green are existing reports that now contain additional data from SharePoint and OneDrive; the one highlighted in purple contains a set of new reports just for malware found in SharePoint and OneDrive.
When you view the Other SharePoint Threats report, there are actually a number of different ways to view data points about the malware that’s made it into your tenant:
- By author, or the person that uploaded the infected item
- By site, so you know which sites are most problematic for having infected materials sent to them
- By malware family, so you can see which types of malware are making their way into SharePoint and OneDrive for Business most frequently
- By file type, so you can see which types of files are getting infected most frequently and then subsequently working their way into your tenant
You’re really getting a comprehensive view of your tenant when monitoring Office 365 with Office365Mon.Com. The new release today further broadens the multitude of ways in which we keep you in the know and in control of your Office 365 tenant.
You can try out our new and improved Threat Intelligence monitoring features by visiting us at https://www.office365mon.com. If don’t have an Office365Mon subscription yet, you can create one for free for 90 days with all of these features turned on. We never ask for any payment information up front, so you can just click on the big Start Now link on the home page and get started. If you’re an existing Office365Mon customer, just go to the Configure Threat Intelligence Monitoring page for your subscription at https://www.office365mon.com/Configure/Threats.
As always, if you have any questions or feedback on this or any other features, please reach out to our support team at firstname.lastname@example.org.
From Sunny Phoenix,