O365_Unified_Auditlog_parser

1.5

O365 auditlog (Unified log) parser.

Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv

Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
O365 auditlog (Unified log) parser.

Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv

Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns

This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.



Show more

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name O365_Unified_Auditlog_parser -RequiredVersion 1.5

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Package Details

Author(s)

  • mikko@lavento.com

Tags

O365 UnifiedAuditlog Auditlog parser

Dependencies

This script has no dependencies.

Release Notes

Added feature to accept sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Also added Columns: ImplicitShare, ModifiedProperties, SupportTicketId

FileList

Version History

Version Downloads Last updated
1.6 1,107 5/3/2019
1.5 (current version) 60 4/30/2019
1.4 144 1/17/2019
1.3 136 6/6/2018
1.2 38 5/29/2018
1.1 55 5/29/2018
1.0 39 5/27/2018
Show more