Collect the data source Microsoft Entra ID sign-in logs

invictus-ir / Microsoft-Extractor-Suite

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

https://microsoft-365-extractor-suite.readthedocs.io/en/latest/

GNU General Public License v2.0

472 stars 67 forks source link

Collect the data source Microsoft Entra ID sign-in logs #101

Closed Zawadidone closed 1 hour ago

Zawadidone commented 2 hours ago

It would be nice if the tool is able to collect Microsoft Entra ID sign-in logs.

References

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins

JoeyInvictus commented 1 hour ago

Hi! Our tool supports acquiring Entra Sign-In logs through two methods! If you prefer using the AzureADPreview module, you can use Get-ADSignInLogs. If like Graph more, you can retrieve them using Get-ADSignInLogsGraph.

You can find our documentation and an overview of all the log sources collected by the tool here: https://microsoft-365-extractor-suite.readthedocs.io/en/latest/

Zawadidone commented 1 hour ago

Nice, I misread the documentation because of the new name of Azure AD, thanks!

JoeyInvictus commented 1 hour ago

Made a note to update the names to Entra ID in the next update :)