Скачать с ютуб Unlocking the Power of Microsoft Purview UAL: Parse JSON Logs with PowerShell | Cybersecurity Demo в хорошем качестве

Unlocking the Power of Microsoft Purview UAL: Parse JSON Logs with PowerShell | Cybersecurity Demo

Are you ready to elevate your incident response game? In this walkthrough, Logan Hillard, Cyber Security Consultant at ProArch, demonstrates how to analyze Microsoft Purview Unified Audit Logs (UAL) and parse JSON output using PowerShell—a crucial skill for cybersecurity pros, auditors, and threat hunters. 🔍 Why This Matters: Unified Audit Logs (UAL) offer a powerful window into user behavior, system activity, and potential attacker footprints within Microsoft 365 environments. By parsing JSON output with PowerShell, you can streamline analysis, automate detections, and enhance your threat response capabilities. 📚 What You’ll Learn: • What are Unified Audit Logs (UAL)? • How to access and retrieve UAL data from Microsoft Purview • Techniques for parsing JSON output with PowerShell • Real-world use cases for post-incident investigation and auditing • Tips for filtering and interpreting key fields 🛠️ PowerShell Code Used in Demo: $ualLogs = Import-Csv -Path .\YOUR_FILE_NAME.csv $audit = $ualLogs.auditdata | convertfrom-json $audit.ClientIPAddress $malIP = $audit | ForEach-Object { if ($_.ClientIPAddress -eq "IP_Address") { $_ } } $malIP.Operation $malOperation = $malIP | ForEach-Object { if ($_.Operations -eq "Exchange") { $_ } } $malOperation 💬 Who Should Watch: • Cybersecurity Analysts • Incident Responders • Compliance & Audit Professionals • Microsoft Security Admins 👨‍💻 About the Presenter: Logan Hillard is a Cyber Security Consultant at ProArch with hands-on experience in Microsoft Security, SIEM integrations, and cloud risk mitigation. 🔗 More from ProArch: https://www.proarch.com