Analyzes Office 365 unified audit logs via Microsoft Graph API to detect account compromise indicators: forwarding rules, inbox delegation, suspicious OAuth apps, BEC traces. Useful for cloud security investigations.
Slash command: /cybersecurity-skills-zh:analyzing-office365-audit-logs-for-compromise
Business Email Compromise (BEC) attacks usually leave traces in the Office 365 audit logs: suspicious inbox rule creation, forwarding of mail to external addresses, mailbox delegation changes, and unauthorized OAuth application consents. This skill uses the Microsoft Graph API to query the unified audit log, enumerate the inbox rules of each mailbox, detect forwarding configurations, and identify indicators of account compromise.
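The inbox-rule check described above, as an added example that is not the skill's own code: it walks messageRule objects in the JSON shape Microsoft Graph returns and flags external forwarding, mail deletion and the near-empty rule names typical of BEC persistence. INTERNAL_DOMAINS and SAMPLE_RULES are assumed placeholders; in practice the rules are fetched with msal and requests.

```python
# Added example (not the skill's code): flag Office 365 inbox rules that match
# the BEC persistence pattern, using the JSON shape Microsoft Graph returns
# from GET /users/{id}/mailFolders/inbox/messageRules.
# Assumptions: INTERNAL_DOMAINS is a placeholder for the tenant's domains and
# SAMPLE_RULES is constructed; a real run fetches the list via msal + requests.

INTERNAL_DOMAINS = {"contoso.example"}  # placeholder tenant domains

SAMPLE_RULES = [  # constructed Graph messageRule objects
    {"displayName": "Newsletter filing", "isEnabled": True,
     "actions": {"moveToFolder": "AAMkFolderIdPlaceholder"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"bodyContains": ["invoice", "payment"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mail-drop.example"}}],
                 "delete": True}},
    {"displayName": "Ops copy", "isEnabled": True,
     "actions": {"redirectTo": [{"emailAddress": {"address": "ops@contoso.example"}}]}},
]

FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")

def _addresses(recipients):
    """Lowercase SMTP addresses from a Graph recipient list (may be None)."""
    return [r["emailAddress"]["address"].lower() for r in recipients or []]

def _is_external(address, internal_domains):
    """True when the address's domain is not one of the tenant's domains."""
    return address.rsplit("@", 1)[-1] not in internal_domains

def flag_suspicious_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return (rule name, reason) findings for rules that send mail outside
    the tenant, hide mail, or carry the near-empty names attackers favour."""
    findings = []
    for rule in rules:
        name = rule.get("displayName", "")
        actions = rule.get("actions") or {}
        for key in FORWARD_ACTIONS:
            for addr in _addresses(actions.get(key)):
                if _is_external(addr, internal_domains):
                    findings.append((name, f"{key} to external address {addr}"))
        if actions.get("delete"):
            findings.append((name, "deletes matching mail"))
        if actions.get("markAsRead") and actions.get("moveToFolder"):
            findings.append((name, "marks mail read and moves it out of the inbox"))
        if len(name.strip()) <= 1:
            findings.append((name, "near-empty rule name"))
    return findings

if __name__ == "__main__":
    for name, reason in flag_suspicious_rules(SAMPLE_RULES):
        print(f"rule {name!r}: {reason}")
```

Running it reports three findings, all for the rule named ".", while the internal redirect and the plain filing rule stay silent.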
Required Graph permissions: AuditLog.Read.All, MailboxSettings.Read, Mail.Read (application permissions)
Dependencies: msal, requests libraries
Install: npx claudepluginhub killvxk/cybersecurity-skills-zh
Parses Office 365 Unified Audit Logs via Microsoft Graph API to detect account compromise indicators such as forwarding rules, inbox delegation, and suspicious OAuth grants. For SOC incident investigations and threat hunting.