Add files via upload

Author: nterl0k

data_sources/office_365_reporting_message_trace.yml

@@ -0,0 +1,16 @@
+name: Office 365 Reporting Message Trace
+id: b637788e-fcf0-44fa-86ea-cab81193f939
+version: 1
+date: '2025-02-28'
+author: Steven Dick
+description: Data source object for Office 365 Reporting Message Trace
+source: o365
+sourcetype: o365:reporting:messagetrace
+separator: Organization
+supported_TA:
+- name: Splunk Microsoft Office 365 Add-on
+  url: https://splunkbase.splunk.com/app/4055
+  version: 4.8.0
+fields:
+- _time
+example_log: '{"Organization": "attackrange.onmicrosoft.com", "MessageId": "<BY5PR08MB62304A5BB7F9EE555B4CEA26DC1C2@BY5PR08MB6230.namprd08.prod.outlook.com>", "Received": "2025-01-16T21:06:46.832439", "SenderAddress": "victim_2@attack_range.lan", "RecipientAddress": "[email protected]", "Subject": "Accounts and Passwords", "Status": "Delivered", "ToIP": "2607:f8b0:400e:c0d::1a", "FromIP": "189.135.168.197", "Size": 33584, "MessageTraceId": "3567c8ef-cc17-4a3f-d166-08dd3161e4fc", "Index": 3035}'