@invictus-korstiaan
Last active December 4, 2023 11:00
Indicators

| Module | Detection | Source |
| --- | --- | --- |
| Get-GraphTokens | Yes | Unified Audit Log & Sign-In Logs |
| Invoke-RefreshGraphTokens | No | n/a |
| Get-AzureAppTokens | Yes | Sign-In Logs |
| Invoke-RefreshAzureAppTokens | No | n/a |
| Invoke-AutoTokenRefresh | No | n/a |
| Invoke-GraphRecon | Yes | MicrosoftGraphActivityLogs |
| Invoke-GraphRunner | Yes | MicrosoftGraphActivityLogs |
| Invoke-DumpCAPS | No | n/a |
| Invoke-DumpApps | Yes | MicrosoftGraphActivityLogs |
| Get-AzureADUsers | Yes | MicrosoftGraphActivityLogs |
| Get-SecurityGroups | Yes | MicrosoftGraphActivityLogs |
| Get-UpdatableGroups | Yes | MicrosoftGraphActivityLogs |
| Get-DynamicGroups | Yes | MicrosoftGraphActivityLogs |
| Get-SharePointSiteURLs | Yes | MicrosoftGraphActivityLogs |
| Invoke-GraphOpenInboxFinder | Yes | MicrosoftGraphActivityLogs |
| Get-TenantID | No | n/a |
| Invoke-InjectOAuthApp | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log |
| Invoke-SecurityGroupCloner | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log |
| Invoke-InviteGuest | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log |
| Invoke-AddGroupMember | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log & Unified Audit Log |
| Invoke-SearchSharePointAndOneDrive | Yes | MicrosoftGraphActivityLogs & Unified Audit Log |
| Invoke-ImmersiveFileReader | Yes | Unified Audit Log |
| Invoke-SearchMailbox | Yes | MicrosoftGraphActivityLogs & Unified Audit Log |
| Invoke-SearchTeams | Yes | MicrosoftGraphActivityLogs |
| Invoke-SearchUserAttributes | Yes | MicrosoftGraphActivityLogs |
| Get-Inbox | Yes | MicrosoftGraphActivityLogs |
| Get-TeamsChat | Yes | MicrosoftGraphActivityLogs |
| Invoke-AutoOAuthFlow | No | n/a |
| Invoke-DeleteOAuthApp | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log & Unified Audit Log |
| Invoke-DeleteGroup | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log & Unified Audit Log |
| Invoke-RemoveGroupMember | Yes | MicrosoftGraphActivityLogs & Entra ID Audit Log & Unified Audit Log |
| Invoke-DriveFileDownload | Yes | MicrosoftGraphActivityLogs & Unified Audit Log |
| Invoke-CheckAccess | Yes | MicrosoftGraphActivityLogs |
| Invoke-HTTPServer | No | n/a |
| Invoke-BruteClientIDAccess | No | n/a |
| Invoke-ImportTokens | No | n/a |
| Get-UserObjectID | Yes | MicrosoftGraphActivityLogs |