Microsoft Corporation

Website 60 downloads 4 Products 5.0 (3)

Leading technology company providing cloud services, productivity software, and enterprise solutions

CLI Install
logforge templates install microsoft

Azure Active Directory (version: Current)

Microsoft's cloud-based identity and access management service providing single sign-on, multi-factor authentication, and identity protection

Authentication

JSON Medium Vol

Azure AD Sign-in Logs

Azure Active Directory sign-in logs capturing user authentication events with detailed device, location, and security context

Defender for Identity (version: Current)

Cloud-based security solution that identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions

Security-Alerts

JSON Medium Vol

Pass-the-Ticket Attack Detection

Microsoft Defender for Identity alert for pass-the-ticket attacks indicating lateral movement through stolen Kerberos tickets

Office 365 (version: All)

Microsoft Office 365 cloud productivity suite including Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Logs are captured via the Office 365 Management Activity API.

Azure-Active-Directory

JSON Medium Vol

Azure AD Role Assignment

Records Azure Active Directory role assignment operations, particularly additions to privileged roles like Global Administrator, which represent privilege escalation and potential security risks

Exchange

JSON Medium Vol

Inbox Rule Created with External Forwarding

Records New-InboxRule operations where users create email forwarding rules, often with external forwarding to bypass administrator controls and exfiltrate sensitive data

JSON Medium Vol

Mailbox External Forwarding Configuration

Records New-InboxRule operations where users create email forwarding rules, often with external forwarding to bypass administrator controls and exfiltrate sensitive data

JSON Medium Vol

Mailbox Permission Delegation

Records New-InboxRule operations where users create email forwarding rules, often with external forwarding to bypass administrator controls and exfiltrate sensitive data

Sharepoint

JSON Medium Vol

SharePoint Anonymous Link Created

Records SharePoint Online anonymous link creation events where users create publicly accessible sharing links for files or folders, enabling external access without authentication

Windows (multiple versions supported)

Microsoft Windows Operating System - comprehensive desktop and server platform

System

JSON Medium Vol

CLOP Ransomware Service Installation

CLOP ransomware service installation, a known persistence mechanism used by the CLOP ransomware family
