We need to integrate Office 365 with an existing system. For this, we will need to use Office 365 APIs to fetch important resources from Office 365, fetch/download logs for monitoring events, Audit Policy monitoring programmatically.
- Does Office 365 provide APIs for security policy monitoring
- Does it provide for APIs for maintaining and downloading logs
The Office 365 Management Activity API , currently in Preview mode, is designed to do just that. sort of...
It allow registering on events from Active Directory, SharePoint and Exchange, and receive many events from those systems.
It doesn't allow for easily downloading the logs (via hooks or via polling on endpoints you registered to), and they are kept for 7 days, so you'd better collect them yourself if you need longer than that.
The docs are pretty extensive although lack at value - they don't tell you which events there are and what they look like. In addition, to take full advantage of the data, you'd have to have deep understanding of the authorization model...
There are a few products out there which do some-to-all of this for you - connect to the system, collect the logs periodically, one even normalizes the events across multiple cloud-apps (i.e. Salesforce, Google Apps, ServiceNow etc.) and sent it to your SIEM for analysis and persistency.
If you need an On-premise solution I'd check out Skyformation's solution , if you don't mind having your data sent to other clouds and stored there (and not in your SIEM) then perhaps Adalom, Cloudlock or others' solution might be a better fit.
I don't believe that there are APIs that will capture all of what you want to do. In case you haven't already, you should see if the Office 365 Reporting web service provides any of the information you need. Otherwise, I think you'd need to use PowerShell to connect to the service, then run some scripts for exporting logs, and do this as some scheduled task. That's what I'd look into.