This script makes it possible to extract log data out of an Office365 environment. The script created by us consist out of four main options, which enable the investigator to easily extract logging out of an Office365 environment.
Pretty straightforward a search is executed and the total number of logs within the
set timeframe will be displayed and written to a csv file called “Amount_Of_Audit_Logs.csv” the file is prefixed with a random number to prevent duplicates.
Extract all audit logs” this option wil get all available audit logs within the set timeframe and written out to a file called AuditRecords.CSV.
Extract a group of logs. You can for example extract all Exchange or Azure logging in one go
Extract specific audit logs” Use this option if you want to extract a subset of the audit logs. To configure what logs will be extracted the tool needs to
be configured with the required Record Types. A full list of recordtypes can be found at the bottom of this page.
The output files will be writen in a directory called ‘Log_Directory” and will be given the name of their recordtype e.g. (ExchangeItem_AuditRecords.csv)
-Exchange Online PowerShell V2 Module
-PowerShell
-Office365 account with privileges to access/extract audit logging
-One of the following windows versions:
Windows 10, Windows 8.1, Windows 8, or Windows 7 Service Pack 1 (SP1)
Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1
You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the Office 365 audit log.
By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center.
To give a user the ability to search the Office 365 audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. For more information, see Manage role groups in Exchange Online.
1. Start Windows PowerShell with the “Run as administrator” option
2. Install PowerShellGet Module. To install the ExchangeOnlineManagement module, you need PowerShellGet 2.0 or later version. Else, you end up with an error: Run: Install-Module PowerShellGet -Force
3. Run the following cmdlet to install Exchange Online PowerShell V2 Module: Install-Module –Name ExchangeOnlineManagement
For more information click here.
Introduction Unlock the full potential of your Linux system with this comprehensive guide to essential…
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…