PwC-IR / MIA-MailItemsAccessed-
Tool to extract sessions and MessageIDs and to find the emails belonging to those MessageIDs. This script uses the MailItemsAccessed feature of the Office 365 Audit Log.
37 stars, updated 3 years ago.
Related projects:
- Microsoft Threat Protection Advance Hunting Cheat Sheet (76 stars, updated 4 years ago)
- Advanced Hunting Queries for Microsoft Security Products (106 stars, updated last year)
- Azure Sentinel Template parser (15 stars, updated 3 years ago)
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs (50 stars, updated last year)
- M365 MDATP Live Response sample scripts (58 stars, updated 3 years ago)
- Incident Response Report Using GitHub-Sphinx (19 stars, updated 4 years ago)
- A WDAC configuration repository with the sole intention of enriching MDE (27 stars, updated last year)
- Provides detection capabilities and log conversion to evtx or syslog (51 stars, updated 2 years ago)
- PowerShell scripts to work on CrowdStrike Falcon that pull back raw data relevant to forensic investigation (21 stars, updated last month)
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers. (82 stars, updated last year)
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines. (41 stars, updated last year)
- Hunting Queries for Defender ATP (70 stars, updated last week)
- Various tools used to monitor and troubleshoot Azure Sentinel data (27 stars, updated last month)
- Automation around Entra ID (33 stars, updated 2 months ago)
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid… (36 stars, updated 2 years ago)
- Links and guidance related to the return on mitigation report in the Microsoft Digital Defense Report (27 stars, updated 11 months ago)
- Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows. (9 stars, updated 4 years ago)
- Cyber Defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting (54 stars, updated this week)