
Microsoft Exchange

Microsoft Exchange consists of security analytics components that normalize Microsoft Exchange events, enabling you to analyze Microsoft Exchange data. Logpoint aggregates and normalizes logs related to log types, log volume, mail receivers, mail senders, mail activity, SMTP AQ failures, and SMTP bad emails from Microsoft Exchange systems so you can analyze the information through a dashboard and security report. 

Release Details
Version: 5.4.0
Release date: December 19, 2024
Supported On: Logpoint v7.4.0 or later for log source template
Documentation: Microsoft Exchange guide
SHA 256: 906d34e02869244be3e8bb0fc81bec8f2ab467431ee4257af8255910b302aaa1
Download

Package Details

Microsoft Exchange Components

  1. Dashboard Package
    • LP_MSExchange MT
  2. Report Package
    • LP_Exchange MT
  3. Normalization Packages
    • LP_Microsoft Outlook Web Access (OWA)
    • LP_MSExchange MT
    • LP_MSExchange Server XML
    • LP_MSExchange MT 2007
    • LP_SMTP Exchange
  4. Label Package
    • LP_Exchange MT
  5. Compiled Normalizers
    • MSExchangeCompiledNormalizer
    • ExchangeMTCompiledNormalizer
    • ExchangeHTTPProxyCompiledNormalizer
  6. Search Package
    • LP_ExchangeMT
  7. Alert Packages
    • LP_ExchangeMT Unusual Outbound Email
    • LP_ExchangeMT Possible Data Theft - Email with Attachment Outside Orga
  8. Log Source Template
    • Microsoft Exchange Server
    • ExchangeOnlineMT

Key Information

  • When selecting the initial fetch date of logs, select no more than 2-3 days ago. Choosing an earlier date may prevent logs from being fetched successfully.
  • For ExchangeOnlineMT, you no longer need to use the PowerShell script zipped with Office365.

Enhancement

Description | Issue ID | Reference ID
Added Universal Rest API Fetcher based ExchangeOnlineMT log source template to simplify the log source configuration process. Go to Creating Log Source via a Template to learn more. | KB-23762 | -

Past Releases

Microsoft Exchange v5.3.0

Release Date: May 08, 2024

Supported On: Logpoint v7.4.0 or later for log source template

Download: MicrosoftExchange_5.3.0.pak

SHA256: c0b726487946c781a43bb80c4b9401e27123beb4753d62e3f1da458db41af041

Enhancement

Description | Issue ID | Reference ID
Added Syslog Collector based Microsoft Exchange Server log source template to simplify the log source configuration process. Go to Creating Log Source via a Template to learn more. | KB-22748 | -

Microsoft Exchange v5.2.2

Release Date: July 03, 2023

Supported On: Logpoint v6.7.0 or later

Download: MicrosoftExchange_5.2.2.pak

SHA256: f7e6bd12ac7055365f06470f5e6461113c3d295a20859dbb2f67dd27254d7fce

Enhancements

Bug Fixes

The following issues are fixed:

Description | Issue ID | Reference ID
Some Symantec Mail Security and MS Exchange logs were not normalized by MSExchangeCompiledNormalizer. | KB-20529, KB-20248 | 61991
Some Microsoft Exchange and Exchange MT logs were not normalized by ExchangeHTTPProxyCompiledNormalizer and LP_Exchange MT 2016. | KB-21363, KB-18174 | 75201, 68934
The DefaultFolderType and LED fields were not properly normalized by ExchangeMTCompiledNormalizer. | KB-18960, KB-19426 | 70001, 71056

Microsoft Exchange v5.2.0

Release Date: January 24, 2022

Supported On: Logpoint v6.7.0 or later

Download: MicrosoftExchange_5.2.0.pak

SHA256: 3a008b6606e882473c3d1f308ee7d0230b9a5bd055f87b7b94e669ff44161561

Enhancements

Description | Issue ID | Reference ID
The message field has been parsed for the MSExchange CmdLet logs. | KB-12092 | 51379
Changed the taxonomy of the following fields to maintain consistency (field mapping listed below). | KB-11953, KB-10435 | -

Previously Used Field Name | Modified Field Name
clientid | client_id
begin_get_request_stream | begin_get_request_stream_ts
on_request_stream_ready | on_request_stream_ready_ts
begin_get_response | begin_get_response_ts
on_response_ready | on_response_ready_ts
end_get_response | end_get_response_ts
end_request | end_request_ts

Bug Fixes

The following issues are fixed:

Description | Issue ID | Reference ID
An issue in the compiled normalizer ExchangeHTTPProxyCompiledNormalizer where some of the Exchange Server logs were not normalized. | KB-13012 | 55438
An issue in the compiled normalizer ExchangeMTCompiledNormalizer where the subject and message fields were parsed incorrectly in some of the Microsoft Exchange logs. | KB-11588, KB-15477 | 49131, 55194, 60807, 61991

Microsoft Exchange v5.1.0

Enhancements

  • It now includes the compiled normalizer ExchangeHTTPProxyCompiledNormalizer, which normalizes Exchange HTTP Proxy logs.
  • The taxonomy of the following fields has been changed to maintain consistency:

Previously Used Field Name | Modified Field Name
calendarupdatexsocodeattempts | calendar_update_xso_code_attempts
legacydn | legacy_dn
mbxguid | guid
meetingmessageprocessingattempts | meeting_message_processing_attempts
processingstage | processing_stage
processingsucceeded | processing_succeeded

Bug Fix

  • An issue where the ExchangeMTCompiledNormalizer threw a type error for an object of type NoneType.

Microsoft Exchange v5.0.1

Enhancement

A minor update to the Microsoft Exchange normalizer that improves signature handling.

Microsoft Exchange v5.0.0

Enhancement

Microsoft Exchange has been updated to comply with Logpoint v6.7.0.

Microsoft Exchange v3.5.0

Release Date: February 26, 2020

Supported On: Logpoint v6.0.0 to v6.6.6

Download: MicrosoftExchange_3.5.0.pak

SHA256: c478cdb607b05b7dc16c109da327e8c8e6dcff61c8dc806295acb1461832c5e0

Microsoft Exchange has been upgraded to support Logpoint v6.7.0.

Enhancement

The normalizer received a minor update for better signature handling.


Support

If you have any questions or require assistance, create a support ticket.

  • MicrosoftExchange.zip (2 MB)
