analyzing-office365-audit-logs-for-compromise
Community
Detect Office 365 compromise indicators.
System Documentation
What problem does it solve?
Office 365 tenants scatter the evidence of a mailbox compromise across the Unified Audit Log, inbox rules, mailbox delegation, and OAuth consent grants, which makes detection and response slow. This skill gives a structured approach: query the Unified Audit Log via Microsoft Graph, enumerate inbox rules across all mailboxes, detect suspicious forwarding configurations, and surface indicators of compromise so responders can act quickly.
Core Features & Use Cases
- Detect suspicious inbox rules and forwarding configurations that may indicate account compromise.
- Enumerate mailbox delegation changes and OAuth consent grants to identify risky activity and attacker persistence.
- Produce structured JSON reports with risk scores and attack timelines to support incident response and threat hunting.
- Apply across multiple tenants and mailboxes for scalable monitoring and verification.
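The detection and scoring logic described above, as an added example that is not the skill's own code. It assumes, which the page does not state, that audit records are dicts shaped like the AuditData JSON returned by Search-UnifiedAuditLog or the Office 365 Management Activity API (CreationTime, Operation, UserId, Workload, and Exchange Parameters as Name/Value pairs or Azure AD ModifiedProperties). The sample records, the tenant domain contoso.com, and the risk weights are constructed for illustration, not a published standard.

```python
"""Score Unified Audit Log records for mailbox-compromise persistence.

Added example, not the skill's own code. Assumptions (not stated on the page):
records are dicts shaped like the AuditData JSON from Search-UnifiedAuditLog /
the Management Activity API; contoso.com is the tenant's own domain; the
weights are illustrative. The sample records at the bottom are constructed.
"""
import json

INTERNAL_DOMAINS = {"contoso.com"}  # assumption: the tenant's own domains
# Folders attackers commonly file stolen mail into so the owner does not see it.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "deleted items", "junk email"}
# Substrings in consented scopes that warrant a closer look.
MAIL_SCOPE_HINTS = ("mail.", "offline_access", "files.", "contacts.")


def flatten_params(record):
    """Map the Exchange Name/Value parameter list to a lowercase-keyed dict."""
    return {p["Name"].lower(): str(p.get("Value", "")) for p in record.get("Parameters", [])}


def normalize_address(value):
    """Turn '[SMTP:user@x]', 'smtp:user@x' or 'user@x' into a bare lowercase address."""
    addr = value.strip().strip("[]").lower()
    if ":" in addr:
        addr = addr.split(":", 1)[1]
    return addr


def is_external(value):
    """True when the address's domain is not one of the tenant's own domains."""
    domain = normalize_address(value).rsplit("@", 1)[-1]
    return domain not in INTERNAL_DOMAINS


def score_record(record):
    """Return (score 0-100, reasons) for one audit record; 0 means nothing flagged."""
    op = record.get("Operation", "")
    p = flatten_params(record)
    score, reasons = 0, []

    if op in ("New-InboxRule", "Set-InboxRule"):
        targets = [p[k] for k in ("forwardto", "forwardasattachmentto", "redirectto") if p.get(k)]
        if targets:
            score += 40
            reasons.append("inbox rule forwards or redirects mail")
            if any(is_external(t) for t in targets):
                score += 30
                reasons.append("forwarding target is outside the tenant")
        if p.get("deletemessage", "").lower() == "true":
            score += 20
            reasons.append("rule deletes messages")
        if p.get("movetofolder", "").lower() in HIDING_FOLDERS:
            score += 10
            reasons.append("rule files mail into a folder users rarely check")
        if len(p.get("name", "").strip(". ")) <= 1:  # ".", "..", "a": classic obfuscated names
            score += 10
            reasons.append("rule name is blank or obfuscated")

    elif op == "Set-Mailbox":
        fwd = p.get("forwardingsmtpaddress") or p.get("forwardingaddress")
        if fwd:
            score += 50
            reasons.append("mailbox-level forwarding configured")
            if is_external(fwd):
                score += 30
                reasons.append("forwarding target is outside the tenant")

    elif op == "Add-MailboxPermission":
        if "fullaccess" in p.get("accessrights", "").lower():
            score += 40
            reasons.append(f"FullAccess granted to {p.get('user', '?')}")

    elif op == "Consent to application.":
        score += 40
        reasons.append("OAuth consent granted to an application")
        granted = " ".join(str(m.get("NewValue", "")) for m in record.get("ModifiedProperties", [])).lower()
        if any(h in granted for h in MAIL_SCOPE_HINTS):
            score += 20
            reasons.append("consented scopes include mail or file access")

    return min(score, 100), reasons


def build_report(records):
    """Walk records in time order; return a findings timeline and a per-user risk score."""
    findings, risk_by_user = [], {}
    for rec in sorted(records, key=lambda r: r.get("CreationTime", "")):
        score, reasons = score_record(rec)
        if not score:
            continue
        user = rec.get("UserId", "unknown").lower()
        findings.append({"time": rec.get("CreationTime"), "user": user,
                         "operation": rec["Operation"], "score": score, "reasons": reasons})
        risk_by_user[user] = min(100, risk_by_user.get(user, 0) + score)
    return {"findings": findings, "risk_by_user": risk_by_user}


# Constructed sample records (not real tenant data).
SAMPLE_RECORDS = [
    {"CreationTime": "2024-05-01T08:12:03", "Operation": "UserLoggedIn",
     "UserId": "bob@contoso.com", "Workload": "AzureActiveDirectory"},
    {"CreationTime": "2024-05-01T08:15:40", "Operation": "New-InboxRule",
     "UserId": "bob@contoso.com", "Workload": "Exchange",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "[SMTP:drop.box@mail.example]"},
                    {"Name": "DeleteMessage", "Value": "True"},
                    {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"CreationTime": "2024-05-01T08:20:11", "Operation": "Consent to application.",
     "UserId": "bob@contoso.com", "Workload": "AzureActiveDirectory",
     "ModifiedProperties": [{"Name": "ConsentAction.Permissions",
                             "NewValue": "[] => [[Scope: Mail.ReadWrite offline_access]]"}]},
    {"CreationTime": "2024-05-01T09:02:55", "Operation": "Set-Mailbox",
     "UserId": "alice@contoso.com", "Workload": "Exchange",
     "Parameters": [{"Name": "Identity", "Value": "alice@contoso.com"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:alice.archive@contoso.com"}]},
    {"CreationTime": "2024-05-01T09:30:00", "Operation": "Add-MailboxPermission",
     "UserId": "admin@contoso.com", "Workload": "Exchange",
     "Parameters": [{"Name": "Identity", "Value": "ceo@contoso.com"},
                    {"Name": "User", "Value": "svc-backup@contoso.com"},
                    {"Name": "AccessRights", "Value": "FullAccess"}]},
    {"CreationTime": "2024-05-01T10:05:21", "Operation": "New-InboxRule",
     "UserId": "carol@contoso.com", "Workload": "Exchange",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_RECORDS), indent=2))
```

Run against real data, each row from Search-UnifiedAuditLog carries its record in the AuditData column as a JSON string, so feed `json.loads(row.AuditData)` for each row into `build_report`. Two caveats a responder should keep in mind: the audit log has limited retention, so a rule or delegation created before the search window will only show up in a point-in-time enumeration of current mailbox state (Get-InboxRule, Get-Mailbox forwarding settings, Get-MailboxPermission), and the per-user score is an attention-ranking heuristic, not a verdict; the reasons list exists so an analyst can see why a user scored high and confirm or dismiss each finding.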
Quick Start
Run the Office 365 compromise audit through the agent, supplying your Azure AD tenant ID, client ID, and client secret. The app registration behind those credentials needs read access to the audit log and mailbox settings; treat the client secret as a credential and keep it out of prompts, shell history, and committed files.
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-office365-audit-logs-for-compromise Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-office365-audit-logs-for-compromise Please download this .zip file, extract it, and install it in the .claude/skills/ directory.