Home
Welcome to the Microsoft-Analyzer-Suite Wiki! 🚀
This suite contains multiple PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID extracted via Microsoft-Extractor-Suite by Invictus Incident Response.
- Windows PowerShell 5.1 or newer.
- Download the latest version of the Microsoft-Analyzer-Suite from the Releases section.
- Create your free IPinfo account (Access Token required).
  https://ipinfo.io/signup?ref=cli
- Enter your personal IPinfo Access Token within Config.json (and edit optional settings).

- Install the ImportExcel PowerShell module to import/export Excel spreadsheets, without Excel:
  Install-Module -Name ImportExcel
- Run the specific script in PowerShell (e.g. UAL-Analyzer.ps1).
  Open PowerShell, navigate to the directory containing UAL-Analyzer.ps1, and run the script with the following command:
  .\UAL-Analyzer.ps1

Fig 1: Select your 'UAL-Combined.csv' file
You can skip the file selection dialog and provide the file path to your log file with the following command:
.\UAL-Analyzer.ps1 -Path "$env:USERPROFILE\Desktop\UAL-Combined.csv"
You can specify the output directory with the following command (default is "$env:USERPROFILE\Desktop\UAL-Analyzer"):
.\UAL-Analyzer.ps1 -Path "H:\Microsoft-Extractor-Suite\UAL-Combined.csv" -OutputDir "H:\Microsoft-Analyzer-Suite"
Note: The subdirectory 'UAL-Analyzer' is automatically created.
Display basic help information about a script:
Get-Help -Name C:\Tools\Microsoft-Analyzer-Suite\ADSignInLogsGraph-Analyzer.ps1
Display examples of using a script:
Get-Help -Name C:\Tools\Microsoft-Analyzer-Suite\ADSignInLogsGraph-Analyzer.ps1 -Examples
Display detailed information about a script:
Get-Help -Name C:\Tools\Microsoft-Analyzer-Suite\ADSignInLogsGraph-Analyzer.ps1 -Detailed

Happy Hunting! 🕵️