OfficeDev / O365-InvestigationTooling
☆583 · Oct 9, 2020 · Updated 5 years ago
Alternatives and similar repositories for O365-InvestigationTooling
Users that are interested in O365-InvestigationTooling are comparing it to the libraries listed below
- Powershell Based tool for gathering information related to O365 intrusions and potential Breaches ☆922 · Mar 7, 2025 · Updated 11 months ago
- Exchange Transport rules to detect and enable response to phishing ☆419 · May 9, 2020 · Updated 5 years ago
- A collection of useful PowerShell scripts to demonstrate interacting with various customer facing features via the Graph API, such as Sec… ☆39 · Sep 13, 2021 · Updated 4 years ago
- Evaluating and Reporting on Azure Active Directory/Active Directory Users Security Posture ☆29 · May 8, 2019 · Updated 6 years ago
- Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 en… ☆1,432 · Dec 27, 2022 · Updated 3 years ago
- Office 365 Powershell scripts ☆358 · Aug 9, 2023 · Updated 2 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆160 · Mar 27, 2023 · Updated 2 years ago
- A repository for using windows event forwarding for incident detection and response ☆1,296 · Sep 8, 2025 · Updated 5 months ago
- Contact: CRT@crowdstrike.com ☆749 · Apr 27, 2023 · Updated 2 years ago
- ☆261 · Jul 6, 2018 · Updated 7 years ago
- Tooling for assessing an Azure AD tenant state and configuration ☆828 · Jun 12, 2024 · Updated last year
- Office 365 scripts and information ☆510 · Feb 1, 2026 · Updated last week
- Office365 Log Analysis Framework ☆81 · Jun 6, 2019 · Updated 6 years ago
- The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) ☆357 · Jun 20, 2024 · Updated last year
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. ☆5,474 · Updated this week
- Public SOA modules and information ☆50 · Updated this week
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆266 · Feb 3, 2022 · Updated 4 years ago
- Sample queries for Advanced hunting in Microsoft 365 Defender ☆2,048 · Feb 17, 2022 · Updated 3 years ago
- The O365 Admin Center is a GUI application that administrators can use to administer every aspect of Office 365 including Exchange Online… ☆301 · May 2, 2019 · Updated 6 years ago
- Tools for parsing Forensic images ☆41 · Dec 14, 2018 · Updated 7 years ago
- Manages, configures, extracts and monitors Microsoft 365 tenant configurations ☆2,184 · Updated this week
- GUI Application written in PowerShell to easily and quickly create, and configure Active Directory and/or Office 365 Users in a single wi… ☆404 · Jan 24, 2020 · Updated 6 years ago
- Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in… ☆944 · Updated this week
- PowerForensics provides an all in one platform for live disk forensic analysis ☆1,428 · Nov 16, 2023 · Updated 2 years ago
- MDATP ☆456 · Jul 20, 2024 · Updated last year
- PowerShell examples for articles published on https://office365itpros.com and https://practical365.com. See https://o365itpros.gumroad.co… ☆1,697 · Updated this week
- ☆53 · May 21, 2018 · Updated 7 years ago
- Sysmon configuration file template with default high-quality event tracing ☆5,379 · Jul 3, 2024 · Updated last year
- Carve $MFT records from a chunk of data (for instance a memory dump) ☆16 · Aug 21, 2016 · Updated 9 years ago
- A GC link parser for both linkfiles and jumplists. ☆18 · Oct 28, 2016 · Updated 9 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… ☆659 · Aug 19, 2019 · Updated 6 years ago
- Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac… ☆881 · Nov 17, 2020 · Updated 5 years ago
- Server for receiving autorun data from the clients ☆13 · Sep 26, 2017 · Updated 8 years ago
- Robust and practical application control for Windows ☆683 · Aug 12, 2022 · Updated 3 years ago
- Scripts and code referenced in CrowdStrike blog posts ☆336 · Nov 13, 2019 · Updated 6 years ago
- Tool to parse SRU database ☆25 · Mar 1, 2018 · Updated 7 years ago
- This is a collection of scripts that you can use to manage Office 365 Groups through PowerShell. ☆16 · Sep 8, 2021 · Updated 4 years ago
- Secure and log *available* activities in your Microsoft Office 365 environment ☆39 · Aug 21, 2018 · Updated 7 years ago
- Microsoft Compliance Configuration Analyzer ☆107 · Aug 29, 2023 · Updated 2 years ago