A Microsoft 365 incident response and investigation powershell module with a focus on email phishing attacks. Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts. The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CS... More info

Checks Historical Message Trace using Purview for inbound messages with no connector, filters by internal messages (indicative of Direct Send), detects tenant domains automatically, summarizes per tenant domain, and exports full report for review.