From cybersec-toolkit
Parses Office 365 Unified Audit Logs via Microsoft Graph API to detect indicators of account compromise such as email forwarding, inbox delegation, and suspicious OAuth grants.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersec-toolkit:analyzing-office365-audit-logs-for-compromise
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Business Email Compromise (BEC) attacks often leave traces in Office 365 audit logs: suspicious inbox rule creation, email forwarding to external addresses, mailbox delegation changes, and unauthorized OAuth application consent grants. This skill uses the Microsoft Graph API to query the Unified Audit Log, enumerate inbox rules across mailboxes, detect forwarding configurations, and identify compromised account indicators.
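The inbox-rule check described above, as an added example that is not code from cybersec-toolkit: it triages rule records in the shape the Microsoft Graph messageRule resource returns (forwardTo, redirectTo, delete, subjectContains and so on) and flags the BEC patterns the paragraph names, external forwarding, message deletion, throwaway rule names and payment-themed subject filters. The sample rules and the tenant domain are constructed inputs; in practice the list would come from the skill's Graph query.

```python
"""Triage Office 365 inbox rules for BEC indicators.

Added example, not code from cybersec-toolkit. The rule records are
constructed samples in the shape of the Microsoft Graph messageRule resource
(the response of GET /users/{id}/mailFolders/inbox/messageRules); the tenant
domain is an assumed value.
"""

# Assumption: the tenant's accepted domains. Forwards outside this set are the
# classic BEC exfiltration path.
INTERNAL_DOMAINS = {"contoso.example"}

# Subject keywords that BEC rules commonly key on to divert payment traffic.
FINANCIAL_KEYWORDS = {"invoice", "payment", "wire", "bank", "remittance"}

# Constructed sample: the rules one mailbox might return.
SAMPLE_RULES = [
    {"id": "r1", "displayName": "Move newsletters", "isEnabled": True,
     "conditions": {"subjectContains": ["newsletter"]},
     "actions": {"moveToFolder": "AAMkAGI2TG93AAA=", "markAsRead": True}},
    {"id": "r2", "displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice", "payment"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "Collector@External.example"}}],
                 "delete": True}},
    {"id": "r3", "displayName": "Copy to archive mailbox", "isEnabled": False,
     "actions": {"redirectTo": [{"emailAddress": {"address": "archive@contoso.example"}}]}},
]


def _recipients(actions):
    """Yield (action, address) for every action that sends mail elsewhere."""
    for action in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for recipient in actions.get(action, []):
            yield action, recipient["emailAddress"]["address"].lower()


def analyze_rule(rule, internal_domains=INTERNAL_DOMAINS):
    """Return a list of human-readable indicators for one rule (empty if benign)."""
    findings = []
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})

    for action, address in _recipients(actions):
        domain = address.rsplit("@", 1)[-1]
        if domain not in internal_domains:
            findings.append(f"{action} sends mail to external address {address}")

    # Deleting matching mail after forwarding keeps the victim from noticing replies.
    if actions.get("delete"):
        findings.append("rule deletes matching messages")

    # Attackers often give rules throwaway names such as "." or ",".
    name = rule.get("displayName", "").strip()
    if len(name) <= 2:
        findings.append(f"near-empty rule name {name!r}")

    hits = sorted(k for k in (s.lower() for s in conditions.get("subjectContains", []))
                  if k in FINANCIAL_KEYWORDS)
    if hits:
        findings.append("matches financial subject keywords: " + ", ".join(hits))
    return findings


def triage(rules, internal_domains=INTERNAL_DOMAINS):
    """Map rule id -> {enabled, findings} for every rule with at least one indicator."""
    report = {}
    for rule in rules:
        findings = analyze_rule(rule, internal_domains)
        if findings:
            report[rule["id"]] = {"enabled": bool(rule.get("isEnabled")), "findings": findings}
    return report


if __name__ == "__main__":
    for rule_id, entry in triage(SAMPLE_RULES).items():
        state = "enabled" if entry["enabled"] else "disabled"
        print(f"{rule_id} ({state}):")
        for finding in entry["findings"]:
            print(f"  - {finding}")
```

Disabled rules are still reported when they carry indicators, since an attacker can re-enable one later; the internal-domain set is the only tenant-specific input, so the same triage can run over every mailbox the skill enumerates.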
Required Graph API permissions: AuditLog.Read.All, MailboxSettings.Read, Mail.Read (application permissions)
Python dependencies: msal, requests
Install: npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit
Parses Office 365 Unified Audit Logs via Microsoft Graph API to detect account compromise indicators like forwarding rules, inbox delegation, and OAuth grants. For SOC incident investigations and threat hunting.
Analyzes Office 365 unified audit logs via Microsoft Graph API to detect account compromise indicators: forwarding rules, inbox delegation, suspicious OAuth apps, BEC traces. Useful for cloud security investigations.