Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3)
ATT&CK techniques detected
T1059.001 PowerShell
94%
"base aws ec2 instance (t2.medium), downloading powershell 7.x, and installing the exo module: # download and install powershell 7.x.x - msi iex "& { $(irm https://aka.ms/install-powershell.ps1) } -usemsi -quiet" # run from powershell v7 (pwsh) - install …"
Summary
Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]
The post Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3) appeared first on Black Hills Information Security, Inc.