Discover and read the best of Twitter Threads about #threathunt

Most recents (1)

OK, so there is definitely a problem with the Search-UnifiedAuditLog cmdlet in #Microsoft365. Confirmed this in multiple tenants - here's what I'm seeing: 🧵

#threathunting #threathunt #auditlogs #M365 #Office365 #O365 #M365Security
First, go to security.microsoft.com -> Audit and perform a new search for all events in a given timeframe (a few hours, total). Have this available for reference.
Next, open PowerShell and connect to Exchange Online:

Connect-ExchangeOnline

You ran a search in the Defender portal with a date range of a few hours. Within that same timeframe, pick an even smaller date/time range that has < 100 events. You'll need those timestamps next.
Read 13 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!