Microsoft-Extractor-Suite

Installation

  • Prerequisites and Permissions
  • Installation

Microsoft 365 functionalities

  • Unified Audit Log
  • Unified Audit Log via Graph API
  • Admin Audit Log
  • Mailbox Audit Log
  • Message Trace Log
  • Inbox Rules
  • Transport Rules
  • MailItemsAccessed
  • E-mails/Attachments
  • Retrieve Mailbox Audit Status
  • Retrieve Mailbox Delegated Permissions

Azure & Entra ID functionalities

  • Entra ID sign-in logs
  • Entra ID Audit Log
  • Azure Activity Logs
  • Azure Directory Activity Logs
  • Azure Sign-in Logs via Graph API
  • Azure Audit Logs via Graph API
  • Conditional Access Policies
  • Retrieve Device Information
  • OAuth Permissions
  • User Information
  • Identity Protection
  • Group Information
  • License Information

Additional Tools

  • Automated Evidence Collection (BETA)

Project

  • About Us
  • Frequently Asked Questions
  • Known errors

© Copyright 2025 Invictus Incident Response.