Azure-AD-Incident-Response-PowerShell-Module
Incident response tools
Provides tools to help respond to security incidents in Azure Active Directory by automating tasks and data retrieval.
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
421 stars
23 watching
49 forks
Language: PowerShell
last commit: over 1 year ago
Tags: azuread, incident-response, powershell, powershell-module
Related projects:
Repository | Description | Stars |
---|---|---|
azuread/azureadassessment | A toolset for assessing the state and configuration of Azure Active Directory tenants using PowerShell scripts. | 757 |
cloud-architekt/azuread-attack-defense | A collection of attack scenarios and mitigation strategies for Microsoft Entra ID | 2,149 |
mgeeky/azurert | A PowerShell module for interacting with Azure and Azure AD from an offensive perspective. | 227 |
jimtin/ircoreforensicframework | Automates incident response actions to gather and process forensic artefacts from remote systems | 22 |
michaelgrafnetter/dsinternals | Tools for interacting with and auditing directory services, including Active Directory and Azure Active Directory | 1,654 |
azure/networkmonitoring | Tools for monitoring network performance and availability from Azure. | 104 |
mandiant/mandiant-azure-ad-investigator | A PowerShell module designed to detect potential security threats in Azure AD environments | 615 |
cisagov/untitledgoosetool | A tool for investigating and responding to security incidents in cloud-based Microsoft environments. | 913 |
microsoft/manageability-toolkits | Automates deployment of Azure log alerts to Log Analytics workspace | 68 |
gerenios/aadinternals | A PowerShell module for administering Azure AD and Office 365 | 1,302 |
davehull/kansa | A modular incident response framework in PowerShell | 1,559 |
ajmartel/irtriage | Automated incident response tool for collecting critical system information during forensic analysis of Windows systems. | 130 |
fsecurelabs/azurite | Assists in auditing and penetration testing of Microsoft Azure cloud environments by collecting and visualizing deployment information. | 249 |
azure/azure-proactive-resiliency-library-v2 | A curated catalog of resiliency recommendations for workloads running in Azure | 67 |
azuread/azure-activedirectory-identitymodel-extensions-for-dotnet | A set of libraries and tools for authenticating users with multiple identity providers in .NET applications | 1,060 |