This script makes it possible to extract log data out of an Office365 environment. The script created by us consist out of four main options, which enable the investigator to easily extract logging out of an Office365 environment.
Pretty straightforward a search is executed and the total number of logs within the
set timeframe will be displayed and written to a csv file called “Amount_Of_Audit_Logs.csv” the file is prefixed with a random number to prevent duplicates.
Extract all audit logs” this option wil get all available audit logs within the set timeframe and written out to a file called AuditRecords.CSV.
Extract a group of logs. You can for example extract all Exchange or Azure logging in one go
Extract specific audit logs” Use this option if you want to extract a subset of the audit logs. To configure what logs will be extracted the tool needs to
be configured with the required Record Types. A full list of recordtypes can be found at the bottom of this page.
The output files will be writen in a directory called ‘Log_Directory” and will be given the name of their recordtype e.g. (ExchangeItem_AuditRecords.csv)
-Exchange Online PowerShell V2 Module
-PowerShell
-Office365 account with privileges to access/extract audit logging
-One of the following windows versions:
Windows 10, Windows 8.1, Windows 8, or Windows 7 Service Pack 1 (SP1)
Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1
You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the Office 365 audit log.
By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center.
To give a user the ability to search the Office 365 audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. For more information, see Manage role groups in Exchange Online.
1. Start Windows PowerShell with the “Run as administrator” option
2. Install PowerShellGet Module. To install the ExchangeOnlineManagement module, you need PowerShellGet 2.0 or later version. Else, you end up with an error: Run: Install-Module PowerShellGet -Force
3. Run the following cmdlet to install Exchange Online PowerShell V2 Module: Install-Module –Name ExchangeOnlineManagement
For more information click here.
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…