DFIR-O365RC

2.0.4

The DFIR-O365RC module will extract logs from the unified audit log (using Exchange Online and Purview), Entra ID Sign In logs, Entra ID Audit Logs, Azure Monitor and Azure DevOps activity logs

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name DFIR-O365RC

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name DFIR-O365RC

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

ANSSI-FR

Package Details

Author(s)

INM-CLOUD@ssi.gouv.fr

Release Notes

               1.0.0 - Initial release
               1.1.0 - Added Get-AADDevices and Get-AzRMActivityLogs functions
               1.2.0 - Added Get-AzDevOpsActivityLogs function and added mailobx audit logs retrieval to the Search-O365 function
               2.0.0 - Rework of the project: use of an application to do the log collection, instead of an authenticated user. Add Purview

FileList

Version History

Version	Downloads	Last updated
2.0.4 (current version)	12	11/15/2024
2.0.3	8	10/30/2024
2.0.2	7	10/30/2024
2.0.1	6	10/30/2024
2.0.0	5	10/30/2024