HAWK
1.8.1
It does NOT take the place of a human reviewing the data generated and is simply here to make data gathering easier.
Hawk has moved to GitHub and is a
It does NOT take the place of a human reviewing the data generated and is simply here to make data gathering easier.
Hawk has moved to GitHub and is availble for all to contribute.
https://github.com/Canthv0/hawk
Minimum PowerShell version
5.0
Installation Options
Owners
Copyright
(c) 2019 matbyrd@microsoft.com. All rights reserved.
Package Details
Author(s)
- hawk_feedback@microsoft.com
Tags
O365 Security Audit Breach Investigation Exchange EXO Compliance Logon
Functions
Get-HawkTenantAzureAuthenticationLogs Get-HawkTenantConfiguration Get-HawkTenantEDiscoveryConfiguration Get-HawkTenantInboxRules Get-HawkTenantOauthConsentGrants Get-HawkTenantRBACChanges Get-HawkUserAuthHistory Get-HawkUserConfiguration Get-HawkUserEmailForwarding Get-HawkUserInboxRule Get-HawkUserMailboxAuditing Initialize-HawkGlobalObject Search-HawkTenantActivityByIP Search-HawkTenantEXOAuditLog Show-HawkHelp Start-HawkTenantInvestigation Start-HawkUserInvestigation Update-HawkModule Get-HawkUserAdminAudit Get-HawkTenantAuthHistory Get-HawkUserHiddenRule Get-HawkMessageHeader
Dependencies
-
- CloudConnect (>= 0.6.0)
- PSAppInsights (>= 0.9.6)
- RobustCloudCommand (>= 1.1.0)
Release Notes
1.8.1 - Moved to RobustCloudCommand module instead of script
1.8.0 - Leverages ConnectCloud Module to connect to EXO if no current connection
1.8.0 - Updated Help for all HawkUser cmdlets
1.8.0 - Removed XML output for all HawkUser cmdlets
1.7.1 - Fixed issues with Initialize-HawkGlobalObject where some switches were not defaulting to False
1.7.1 - Removed xml output from Get-HawkUserMailboxAuditing as part of continued output cleanup/streamlining
1.7.1 - Updated Help on Get-HawkUserMailboxAuditing
1.7.1 - Get-HawkUserMailboxAuditing now searches the Mailbox Audit Log as well as the Unified Audit Log
1.7.0 - Rework of Initialize-HawkGlobalObject to now accept swtiches to facilitate scripting Hawk Commands
1.7.0 - Further help updates
1.7.0 - Moved Initialize-HawkGlobalObject into its own ps1 file in the General Folder
1.6.11 - Get-HawkMessageHeader removed HTML output outputs to CSV now
1.6.11 - Started working thru help documentation
1.6.9 - Corrected an issue that would cause excessive memory usage on Get-HawkTenantAzureAuthenticationLogs
1.6.5 - Updates to Get-HawkTenantAzureAuthenticationLogs to better diagnose issues (addtional)
1.6.4 - Updates to Get-HawkTenantAzureAuthenticationLogs to better diagnose issues
1.6.2 - Updated Help on Get-HawkUserHiddenRule with what to do with the output
1.6.2 - Fixed issue with output of Get-HawkUserHiddenRule to output ID and priority into a text file
1.6.2 - Updated name of Get-HawkUserHiddenRule to be in line with naming convention
1.6.1 - Added Azure AppInsight integration
FileList
- Hawk.nuspec
- Hawk.psd1
- Hawk.psm1
- LICENSE
- Microsoft.IdentityModel.Clients.ActiveDirectory.dll
- Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll
- README.md
- System.Net.IPNetwork.dll
- General\Initialize-HawkGlobalObject.ps1
- Message\Get-HawkMessageHeader.ps1
- Tenant\Get-HawkTenantAuthHistory.ps1
- Tenant\Get-HawkTenantAzureAuthenticationLogs.ps1
- Tenant\Get-HawkTenantConfiguration.ps1
- Tenant\Get-HawkTenantEDiscoveryConfiguration.ps1
- Tenant\Get-HawkTenantInboxRules.ps1
- Tenant\Get-HawkTenantOauthConsentGrants.ps1
- Tenant\Get-HawkTenantRbacChanges.ps1
- Tenant\Search-HawkTenantActivityByIP.ps1
- Tenant\Search-HawkTenantEXOAuditLog.ps1
- Tenant\Start-HawkTenantInvestigation.ps1
- User\Get-HawkUserAdminAudit.ps1
- User\Get-HawkUserAuthHistory.ps1
- User\Get-HawkUserConfiguration.ps1
- User\Get-HawkUserEmailForwarding.ps1
- User\Get-HawkUserHiddenRule.ps1
- User\Get-HawkUserInboxRule.ps1
- User\Get-HawkUserMailboxAuditing.ps1
- User\Start-HawkUserInvestigation.ps1
Version History
Version | Downloads | Last updated |
---|---|---|
3.1.0 | 37,301 | 3/30/2023 |
3.0.0 | 4,252 | 4/9/2022 |
2.0.3.2 | 4,559 | 5/7/2021 |
2.0.3.1 | 28 | 5/7/2021 |
2.0.2 | 31 | 5/7/2021 |
2.0.1 | 514 | 3/31/2021 |
2.0.0 | 1,236 | 1/5/2021 |
1.15.1 | 225 | 12/19/2020 |
1.15.0 | 3,415 | 12/19/2019 |
1.14.3 | 52 | 12/18/2019 |
1.14.2 | 366 | 11/13/2019 |
1.14.1 | 27 | 11/13/2019 |
1.14.0 | 461 | 9/25/2019 |
1.13.6 | 308 | 8/29/2019 |
1.13.3 | 61 | 8/26/2019 |
1.13.2 | 76 | 8/22/2019 |
1.13.1 | 54 | 8/21/2019 |
1.13.0 | 58 | 8/20/2019 |
1.12.1 | 30 | 8/20/2019 |
1.12.0 | 27 | 8/20/2019 |
1.10.1 | 412 | 7/9/2019 |
1.9.0 | 27 | 7/9/2019 |
1.8.8 | 29 | 7/9/2019 |
1.8.7 | 366 | 6/14/2019 |
1.8.6 | 342 | 5/24/2019 |
1.8.5 | 34 | 5/23/2019 |
1.8.4 | 59 | 5/21/2019 |
1.8.3 | 70 | 5/16/2019 |
1.8.2 | 29 | 5/16/2019 |
1.8.1 (current version) | 47 | 5/14/2019 |
1.8.0 | 30 | 5/14/2019 |
1.7.1 | 364 | 4/23/2019 |
1.6.13 | 176 | 4/12/2019 |
1.6.11 | 75 | 4/3/2019 |
1.6.9 | 534 | 12/13/2018 |
1.6.8 | 25 | 12/13/2018 |
1.6.7 | 33 | 12/12/2018 |
1.6.6 | 29 | 12/12/2018 |
1.6.5 | 30 | 12/12/2018 |
1.6.4 | 27 | 12/11/2018 |
1.6.3 | 84 | 12/10/2018 |
1.6.1 | 198 | 11/13/2018 |
1.6.0 | 29 | 11/13/2018 |
1.5.0 | 72 | 11/8/2018 |
1.4.0 | 82 | 10/30/2018 |
1.3.2 | 160 | 10/1/2018 |
1.3.1 | 31 | 10/1/2018 |
1.2.6 | 52 | 9/27/2018 |
1.2.5 | 29 | 9/27/2018 |
1.2.4 | 103 | 9/6/2018 |
1.2.3 | 203 | 7/19/2018 |
1.2.2 | 108 | 6/29/2018 |
1.2.1 | 46 | 6/26/2018 |
1.2.0 | 32 | 6/25/2018 |
1.1.4 | 344 | 5/18/2018 |