Ingesting Purview Information Protection Scanner Logs

Does anyone have any experience with ingesting these types of events?

The events from the scans are written to the Unified Audit Log; however, I don’t think these currently fall under the event types that IDR can parse from the MS365 Event Source, i.e. Microsoft Office 365 | InsightIDR Documentation. There’s a data connector to write these to an analytics workspace in Sentinel, but we’re looking to get these into Rapid7.
