A dataset containing Office 365 Unified Audit Logs for security research and detection
☆58Jun 7, 2022Updated 3 years ago
Alternatives and similar repositories for o365_dataset
Users that are interested in o365_dataset are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆72Oct 21, 2024Updated last year
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆31Jul 12, 2023Updated 2 years ago
- A dataset with CloudTrail events from an attack simulation using Stratus.☆25Jul 12, 2023Updated 2 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…☆279Feb 2, 2021Updated 5 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆24Oct 9, 2024Updated last year
- NordVPN Threat Protection Pro™ • AdTake your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of …☆198Jan 6, 2026Updated 2 months ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆174Mar 2, 2026Updated 3 weeks ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆226Oct 26, 2025Updated 5 months ago
- /ˈhäjˌpäj/ "a confused mixture."☆13Mar 17, 2026Updated last week
- Repository with supporting materials for Invictus Academy/Training☆43Jan 3, 2025Updated last year
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.☆14May 22, 2024Updated last year
- 2021 SANS DFIR Summit: Greppin' Logs☆20Oct 30, 2025Updated 5 months ago
- ☆30Jan 13, 2026Updated 2 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.☆776Mar 3, 2026Updated 3 weeks ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- KQL queries for Incident Response☆14Oct 31, 2023Updated 2 years ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…☆104Jan 13, 2026Updated 2 months ago
- Snort_rules detection bad actors.☆29Aug 18, 2024Updated last year
- Kerberos Haters Guide to Zeek Threat Hunting☆35Oct 14, 2021Updated 4 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆79Jan 9, 2024Updated 2 years ago
- ☆21Nov 19, 2025Updated 4 months ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆81Jan 6, 2026Updated 2 months ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆268Feb 3, 2022Updated 4 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 5 months ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆43Sep 21, 2023Updated 2 years ago
- Repository of attack and defensive information for Business Email Compromise investigations☆276May 10, 2025Updated 10 months ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆193Oct 29, 2025Updated 5 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆583Dec 6, 2025Updated 3 months ago
- Network analysis with Wireshark, is the topic in this repo!☆14May 6, 2023Updated 2 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Notes on responding to security breaches relating to Azure AD☆122Mar 14, 2022Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- ☆36Jan 11, 2023Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated 11 months ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- Documentation and scripts to properly enable Windows event logs.☆674Oct 3, 2025Updated 5 months ago
- This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation…☆17Feb 13, 2025Updated last year
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago