Home
Welcome to the Microsoft-Analyzer-Suite Wiki!
This suite contains multiple PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID extracted via Microsoft-Extractor-Suite by Invictus Incident Response.
- Windows PowerShell 5.1 or newer.
- Clone this GitHub repository or download the ZIP archive.
- Create your free IPinfo account (Access Token required).
  https://ipinfo.io/signup?ref=cli
- Enter your personal IPinfo Access Token within Config.ps1
  $script:Token = "access_token" # Please insert your Access Token here (Default: access_token)
- Install ImportExcel PowerShell module to import/export Excel spreadsheets, without Excel.
  Install-Module -Name ImportExcel
- Run the specific script in PowerShell (e.g. UAL-Analyzer.ps1).
Open PowerShell, navigate to the directory containing UAL-Analyzer.ps1, and run the script with the following command:
.\UAL-Analyzer.ps1

Fig 1: Select your 'UAL-Combined.csv' file
You can skip the file selection dialog and provide the path to your log file with the following command:
.\UAL-Analyzer.ps1 -Path "$env:USERPROFILE\Desktop\UAL-Combined.csv"
You can specify the output directory with the following command (Default is "$env:USERPROFILE\Desktop\UAL-Analyzer"):
.\UAL-Analyzer.ps1 -Path "H:\Microsoft-Extractor-Suite\UAL-Combined.csv" -OutputDir "H:\Microsoft-Analyzer-Suite"
Note
The subdirectory 'UAL-Analyzer' is automatically created.
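The prerequisites listed above (PowerShell version, ImportExcel module, IPinfo token in Config.ps1) can be verified before the first run with a short pre-flight check. This is an added example, not part of the Microsoft-Analyzer-Suite; the function name Test-AnalyzerPrerequisite and the default Config.ps1 location (current directory) are assumptions.

```powershell
# Added example (not part of the Microsoft-Analyzer-Suite): pre-flight check.
# Assumption: Config.ps1 is in the current directory unless -ConfigPath is given.
function Test-AnalyzerPrerequisite {
    [CmdletBinding()]
    param([string]$ConfigPath = '.\Config.ps1')

    $checks = @()

    # Windows PowerShell 5.1 or newer (compare fields so it also works on 7.x)
    $v = $PSVersionTable.PSVersion
    $checks += [pscustomobject]@{
        Check  = 'PowerShell 5.1 or newer'
        Passed = ($v.Major -gt 5) -or ($v.Major -eq 5 -and $v.Minor -ge 1)
        Detail = $v.ToString()
    }

    # ImportExcel module installed (newest available version is reported)
    $module = Get-Module -ListAvailable -Name ImportExcel |
        Sort-Object -Property Version -Descending | Select-Object -First 1
    $detail = 'run: Install-Module -Name ImportExcel'
    if ($module) { $detail = "version $($module.Version)" }
    $checks += [pscustomobject]@{
        Check = 'ImportExcel module installed'; Passed = [bool]$module; Detail = $detail
    }

    # Token in Config.ps1 changed from the default; the value itself is never printed
    $token = $null
    if (Test-Path -LiteralPath $ConfigPath -PathType Leaf) {
        $hit = Select-String -LiteralPath $ConfigPath `
            -Pattern '^\s*\$script:Token\s*=\s*["'']([^"'']*)["'']' | Select-Object -First 1
        if ($hit) { $token = $hit.Matches[0].Groups[1].Value }
    }
    if ($null -eq $token) { $detail = 'no $script:Token assignment found in ' + $ConfigPath }
    elseif ($token -eq 'access_token') { $detail = 'still the default placeholder' }
    else { $detail = "set ($($token.Length) characters)" }
    $checks += [pscustomobject]@{
        Check  = 'IPinfo Access Token set in Config.ps1'
        Passed = (-not [string]::IsNullOrWhiteSpace($token)) -and ($token -ne 'access_token')
        Detail = $detail
    }

    $checks
}

Test-AnalyzerPrerequisite | Format-Table -AutoSize
```

Config.ps1 holds the Access Token in plain text, so the check reports only whether a non-default value is present and its length.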
This project is licensed under the MIT License - see the LICENSE file for details.