Monitoring 0365 Connector

mike1098 · September 27, 2022, 3:17pm

Hello community, because of issues with Microsoft 0365 Connector not processing messages anymore we are demanded to develop a monitoring to be informed about this situation in the future.
Current solution is to do a remote PowerShell session to o365 on a windows host and run a command. While this is technically possible and could be used in an agent plugin it has some organizational and technical disadvantages and we would prefer to direct connect via a Datasource Agent to 0365 to get the status of the connectors.

Is there anyone out there who may had the same issue and probably already a solution or one who may share some knowledge how to connect to 0365 from checkmk.

There is an API for o365 available but we didnt found the information how to gather the status of the connectors.

See

Any help is much appreciated.

best regards

Michael

Anders · September 27, 2022, 5:00pm

Checkmk does not have anything like that OOB. You can however write active checks in whatever language you want as long as you have that installed on your checkmk server - So you can write a Powershell check for this.

andreas-doehler · September 27, 2022, 7:19pm

If i read the documentation correctly the easiest way is to use the login portion and also the request part from the normal Azure agent. Then you can switch the URLs from Azure to MS security center.
With this you get an special agent directly usable from your monitoring server.
The “Hello world” example is a good and easy start Hello World for Microsoft Defender for Endpoint API | Microsoft Learn

mike1098 · September 28, 2022, 7:26am

Thats clear so far but we dont want to go the inderect way through a windows host. A DataSource Agent would be the preferred way.

Thanks Andreas, What we did not found in the API is the status of the connectors. Its only about machines and software, whatever that means.

regards

Michael

Anders · September 28, 2022, 5:12pm

What I meant, and perhaps I didn’t explain that, is that you can run powershell code on your Linux Checkmk server, Microsoft is working hard to port all their Powershell libs to run on Powershell core (Not sure if O365 is there)

mike1098 · September 29, 2022, 7:06am

Its known to us that powershell is available for Linux but unfortunately we run appliances where we are not allowed to install additional software.

Nevertheless I will check with our o365 if its possible in general to use Powershell on Linux to do this remote session.

Thank you

Michael

Anders · September 30, 2022, 3:44pm

That was an important information that you left out.
So you are OK with having an extra linux box but not windows box, and at the same time you use O365? Interesting.
Yea good luck
Thank you!

mike1098 · September 30, 2022, 4:02pm

I dont know what you want to achieve with such a post.
The goal is not having any ‘extra box’ regardless if Windows or Linux. Our intention is to write a DataSource Agent (AKA Special Agent) and as check_mk is available only on Linux it has to be Linux

The reason is not having indirect monitoring. We wont to avoid that we go through a Windows Host which is not related to the intended monitoring and could be decommissioned which would remove this monitoring silently.

I hope you feel better with that information. Any helpful posts are always welcome.

Best regards

Michael