Comments (7)
irocz1997
commented on June 26, 2024
1
PSMailbox_Operations_Export.csv
ApplicationGraphPermissions.csv
Domain_List.csv
from sparrow.
DeemOnSecurity
commented on June 26, 2024
Which 3 CSVs are being created?
from sparrow.
DeemOnSecurity
commented on June 26, 2024
Interesting. The traceback makes it appear that the Search-UnifiedAuditLog cmdlet is not returning any data.
Can you try connecting to exchange online using powershell, then running:
[datetime] $StartDate = [DateTime]::UtcNow.AddYears(-1).AddMinutes(10)
[datetime] $EndDate = [DateTime]::UtcNow
$PSLoginData1 = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 5000 -FreeText "a0c73c16-a7e3-4564-9a95-2bdf47383716"
$PSLoginData1 and see if any data is returned?
If no data is returned it could be indicative of a permissions issue and you will want to verify all permissions listed in the README.md are present.
from sparrow.
DeemOnSecurity
commented on June 26, 2024
Interesting. The traceback makes it appear that the
Search-UnifiedAuditLogcmdlet is not returning any data.Can you try connecting to exchange online using powershell, then running:
[datetime] $StartDate = [DateTime]::UtcNow.AddYears(-1).AddMinutes(10) [datetime] $EndDate = [DateTime]::UtcNow $PSLoginData1 = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 5000 -FreeText "a0c73c16-a7e3-4564-9a95-2bdf47383716" $PSLoginData1and see if any data is returned?
If no data is returned it could be indicative of a permissions issue and you will want to verify all permissions listed in the README.md are present.
You should be able to connect to exchange online with the cmdlet Connect-ExchangeOnline
from sparrow.
irocz1997
commented on June 26, 2024
I'm getting data returned. I'm getting user log entries back from 5/20 to the present.
from sparrow.
genericdevname
commented on June 26, 2024
Can you try running this command (connecting to exchange online with cmdlet Connect-ExchangeOnline):
[datetime] $StartDate = [DateTime]::UtcNow.AddYears(-1).AddMinutes(10)
[datetime] $EndDate = [DateTime]::UtcNow
$testData = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 5000
$testData
This will give a more generic output of the data in your environment. If data returns, that's a good first step to rule out permission issues. If it returns data, please let us know how far back it was able to get.
After running the above command, please try running this one:
[datetime] $StartDate = [DateTime]::UtcNow.AddYears(-1).AddMinutes(10)
[datetime] $EndDate = [DateTime]::UtcNow
$ConsentData = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -RecordType AzureActiveDirectory -Operations "Add OAuth2PermissionGrant","Consent to application" -ResultSize 5000
$ConsentData
Does this return data?
You can also run the other queries like this as well if you wanted to check all the operations manually.
from sparrow.
irocz1997
commented on June 26, 2024
I just went old school and rebooted the server and started the PS script over and it's working now. I now have CSV files all filled out.
Thank you for your time and Tshooting.
from sparrow.
Related Issues (20)
- Audit Log search error HOT 2
- Choose your Azure Environment [AzureCloud] HOT 17
- Not Getting output to CSV when Sparrow is run HOT 1
- Expand Script to use Azure AD Logs and Azure Activity logs instead of Unified Audit Log
- What exactly is the expected powershell output? HOT 7
- Readme Update - Explicit Export Information HOT 1
- "Choose Your Environment" comes up blank if AzureADPreview is installed instead of AzureAD module HOT 1
- Add docs on how to setup/retreive credentials HOT 2
- New-ExoPSSession : Access is denied HOT 3
- AppId's in PSLogin_Operations_Export query not in results HOT 5
- Issue while running sparrow.ps1 HOT 1
- Aviary dashboard that works with live o365 data in Splunk
- Run via Taskmanager HOT 1
- Delete
- Having issues running the script for Sparrow ps1
- Error running in GCC High
- Errors connecting to Exchange environment
- How to Upload Dashboard HOT 3
- How do I ingest the csv files into the dashboard? HOT 2
- One more time
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sparrow.