mandiant/Mandiant-Azure-AD-Investigator external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mandiant/Mandiant-Azure-AD-Investigator

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mandiant/Mandiant-Azure-AD-Investigator)

Close

mandiant / Mandiant-Azure-AD-InvestigatorView on GitHubMore

• External links
• Readme badge

☆645Jun 6, 2023Updated 2 years ago

Alternatives and similar repositories for Mandiant-Azure-AD-Investigator

Users that are interested in Mandiant-Azure-AD-Investigator are comparing it to the libraries listed below

• CrowdStrike / CRT

  View on GitHub
  Contact: CRT@crowdstrike.com
  ☆750Apr 27, 2023Updated 2 years ago
• cisagov / Sparrow

  View on GitHub
  Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 en…
  ☆1,428Dec 27, 2022Updated 3 years ago
• dirkjanm / ROADtools

  View on GitHub
  A collection of Azure AD/Entra tools for offensive and defensive security purposes
  ☆2,535Feb 5, 2026Updated last month
• hausec / PowerZure

  View on GitHub
  PowerShell framework to assess Azure security
  ☆1,256Oct 18, 2025Updated 4 months ago
• darkquasar / AzureHunter

  View on GitHub
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆790Oct 29, 2022Updated 3 years ago
• NetSPI / MicroBurst

  View on GitHub
  A collection of scripts for assessing Microsoft Azure security
  ☆2,313Oct 29, 2025Updated 4 months ago
• Azure / Stormspotter

  View on GitHub
  Azure Red Team tool for graphing Azure and Azure Active Directory objects
  ☆1,685Jan 8, 2024Updated 2 years ago
• AzureAD / Azure-AD-Incident-Response-PowerShell-Module

  View on GitHub
  The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc…
  ☆451Jun 16, 2023Updated 2 years ago
• AzureAD / AzureADAssessment

  View on GitHub
  Tooling for assessing an Azure AD tenant state and configuration
  ☆831Jun 12, 2024Updated last year
• Cloud-Architekt / AzureAD-Attack-Defense

  View on GitHub
  This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and …
  ☆2,478Dec 31, 2025Updated 2 months ago
• OTRF / Microsoft-Sentinel2Go

  View on GitHub
  Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
  ☆586Jan 22, 2025Updated last year
• Azure / SimuLand

  View on GitHub
  Understand adversary tradecraft and improve detection strategies
  ☆711Mar 9, 2023Updated 2 years ago
• ANSSI-FR / DFIR-O365RC

  View on GitHub
  PowerShell module for Office 365 and Azure log collection
  ☆279Sep 22, 2025Updated 5 months ago
• invictus-ir / Microsoft-Extractor-Suite

  View on GitHub
  A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
  ☆771Updated this week
• T0pCyber / hawk

  View on GitHub
  Powershell Based tool for gathering information related to O365 intrusions and potential Breaches
  ☆924Feb 26, 2026Updated last week
• PlumHound / PlumHound

  View on GitHub
  Bloodhound Reporting for Blue and Purple Teams
  ☆1,278Nov 15, 2025Updated 3 months ago
• mandiant / Azure_Workshop

  View on GitHub
  ☆614Jun 1, 2023Updated 2 years ago
• dafthack / MFASweep

  View on GitHub
  A tool for checking if MFA is enabled on multiple Microsoft Services
  ☆1,635Mar 4, 2025Updated last year
• Gerenios / AADInternals

  View on GitHub
  AADInternals PowerShell module for administering Azure AD and Office 365
  ☆1,599Sep 30, 2025Updated 5 months ago
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆864Jan 20, 2022Updated 4 years ago
• jsa2 / caOptics

  View on GitHub
  CA Optics - Azure AD Conditional Access Gap Analyzer
  ☆334Aug 28, 2024Updated last year
• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆816Feb 17, 2025Updated last year
• reprise99 / Sentinel-Queries

  View on GitHub
  Collection of KQL queries
  ☆1,611Jan 29, 2026Updated last month
• mandiant / ADFSpoof

  View on GitHub
  ☆408Feb 10, 2026Updated 3 weeks ago
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆208Jul 21, 2022Updated 3 years ago
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,061Oct 5, 2023Updated 2 years ago
• iknowjason / PurpleCloud

  View on GitHub
  A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-pur…
  ☆628Mar 21, 2025Updated 11 months ago
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,078Nov 28, 2024Updated last year
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,725Mar 20, 2024Updated last year
• PwC-IR / Office-365-Extractor

  View on GitHub
  The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
  ☆267Feb 3, 2022Updated 4 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,375Feb 10, 2026Updated 3 weeks ago
• splunk / attack_range

  View on GitHub
  A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…
  ☆2,452Updated this week
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,392Oct 14, 2023Updated 2 years ago
• LETHAL-FORENSICS / Microsoft-Analyzer-Suite

  View on GitHub
  A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
  ☆577Dec 6, 2025Updated 3 months ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,987Aug 21, 2024Updated last year
• BloodHoundAD / BARK

  View on GitHub
  BloodHound Attack Research Kit
  ☆585Mar 18, 2025Updated 11 months ago
• rvrsh3ll / TokenTactics

  View on GitHub
  Azure JWT Token Manipulation Toolset
  ☆718Dec 6, 2024Updated last year
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• rootsecdev / Azure-Red-Team

  View on GitHub
  Azure Security Resources and Notes
  ☆1,713Feb 17, 2026Updated 2 weeks ago