This simple API connector queries the Office 365 Management API and pushes audit logs to the Elastic Stack (Logstash) via TCP. This script was tested with Python 3.5 and 3.6.
Requests:
    pip3 install requests
Microsoft Azure Active Directory Authentication Library (ADAL) for Python:
    pip3 install adal
IMPORTANT: Before utilizing this script, you will need to create an Azure app to grant this script access to the API endpoints. I've written a post about this (and my process while scripting this connector).
Please note that I am a novice at both Python and working with APIs, so this script will likely be refined over time. Please let me know if you have any suggestions to improve the script!
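The "push to Logstash via TCP" step described above, as an added example that is not the connector's own code: it frames audit records as newline-delimited JSON and skips records whose `Id` was already shipped. It assumes a Logstash `tcp` input using the `json_lines` codec; the sample records are constructed, the function names are hypothetical, and a throwaway loopback listener stands in for Logstash so the block runs offline.

```python
import json
import socket
import threading

# Constructed sample records shaped like Office 365 audit events (not real data).
SAMPLE_RECORDS = [
    {"Id": "00000000-0000-0000-0000-000000000001", "Operation": "UserLoggedIn", "UserId": "alice@example.com"},
    {"Id": "00000000-0000-0000-0000-000000000002", "Operation": "MailboxLogin", "UserId": "bob@example.com"},
    {"Id": "00000000-0000-0000-0000-000000000001", "Operation": "UserLoggedIn", "UserId": "alice@example.com"},
]

def frame_records(records, seen_ids):
    """Serialize records as one JSON document per line, skipping Ids already in seen_ids."""
    lines = []
    for rec in records:
        rec_id = rec.get("Id")
        if rec_id is not None and rec_id in seen_ids:
            continue  # same content blob fetched twice: do not index it again
        seen_ids.add(rec_id)
        # json.dumps escapes newlines inside strings, so "\n" only ever ends a record.
        lines.append(json.dumps(rec, separators=(",", ":")) + "\n")
    return "".join(lines).encode("utf-8")

def ship(payload, host, port, timeout=5.0):
    """Send the framed payload to a TCP listener (host and port are deployment-specific)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)

def loopback_demo(records):
    """Ship to a local listener standing in for Logstash; return the events it received."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    server.listen(1)
    received = bytearray()

    def accept_once():
        conn, _ = server.accept()
        with conn:
            for chunk in iter(lambda: conn.recv(4096), b""):
                received.extend(chunk)

    worker = threading.Thread(target=accept_once)
    worker.start()
    ship(frame_records(records, set()), "127.0.0.1", server.getsockname()[1])
    worker.join(timeout=5)
    server.close()
    return [json.loads(line) for line in received.decode("utf-8").splitlines()]

if __name__ == "__main__":
    for event in loopback_demo(SAMPLE_RECORDS):
        print(event["Operation"], event["UserId"])
```

Keeping `seen_ids` across polling runs (for example, persisted to disk) is what prevents duplicate events after a restart; the set here lives only in memory.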