invictus-ir / Microsoft-Extractor-Suite

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
https://microsoft-365-extractor-suite.readthedocs.io/en/latest/
GNU General Public License v2.0

[Feature Request] Gather Co-Pilot Logs #102

Open etaylor77 opened 1 week ago

etaylor77 commented 1 week ago

I am a little behind the curve on this topic, so please correct me where I might be wrong or missing something.

In a test tenant, we see MS Co-Pilot logs in the unified audit logs, but we are missing possible logs from the MS Teams API.

JoeyInvictus commented 1 week ago

Hi! Just to make sure I understand you correctly: in your test tenant, you can see the MS Co-Pilot logs in the Unified Audit Log. Are you viewing this through the GUI? Are the logs missing only when you use our tool to retrieve the Unified Audit Log?

Our tool uses the Search-UnifiedAuditLog cmdlet without any filtering, so it shouldn’t exclude Co-Pilot logs. However, we can look into it further.

Also, could you clarify what you mean by the MS Teams API missing logs? The Microsoft Teams logs are included in the Unified Audit Log.

JoeyInvictus commented 1 day ago

Hi, any update on this?