├── .gitignore ├── ActivityFunctionApp.ps1 ├── AutomateDefender ├── Readme.md └── function.zip ├── AzureADGraph.ps1 ├── Enablesubscription.ps1 ├── FunctionApp1.png ├── FunctionApp2.png ├── FunctionApp3.png ├── FunctionApp4.png ├── FunctionApp5.png ├── HighVolumeDLP ├── analyst.txt ├── multithreadanalyst.ps1 ├── newincident.ps1 ├── readme.md └── sentinelupload ├── LICENSE ├── PBI_Report ├── AI Template III.pbit ├── AI Template V.pbit ├── Board IX.pbit ├── Credentials I.pbit ├── DLP Stats Template III.pbit ├── Project VI.pbit └── Readme.md ├── README.md ├── Sentinel ├── AnalyticsRule │ ├── SynchDLPAnalyticRulesOffice.ps1 │ ├── readme.md │ └── ruletemplate.yaml ├── EndPoint │ ├── Functions.zip │ ├── Kudu.jpg │ ├── dlpservice.zip │ ├── endpointruletemplate (3).yaml │ ├── readme.md │ └── ruletemplate.txt ├── EndPointDLP_preview │ ├── Analytics │ │ ├── SynchDLPAnalyticRulesEndpoint.ps1 │ │ ├── endpointruletemplate.yaml │ │ └── readme.md │ ├── DocumentCopy │ │ ├── BlobtoSPO.json │ │ ├── endpointdeploy.ps1 │ │ ├── endpointscr.ps1 │ │ ├── img │ │ │ ├── img1.png │ │ │ ├── img2.png │ │ │ ├── img3.png │ │ │ ├── img4.png │ │ │ └── tst.md │ │ └── readme.md │ ├── QueueDLPEvents.ps1 │ ├── Report │ │ ├── endpoint.json │ │ └── readme.md │ ├── SensitiveInfoType.ps1 │ ├── StoreEndpointDLPEvents.ps1 │ ├── deploysentinelfunction.json │ ├── enablesubscription.ps1 │ ├── endpointdlpservice.zip │ └── readme.md ├── QueueEvents.ps1 ├── Readme.md ├── Report │ ├── Exchange & Teams DLP Report.workbook.json │ ├── SharePoint DLP Report.workbook.json │ ├── img │ │ ├── report1.png │ │ ├── report2.png │ │ ├── report3.png │ │ ├── report4.png │ │ └── test.md │ ├── organization.json │ └── readme.md ├── StoreEvents.ps1 ├── deploySentinelfunction.json ├── deploySentinelfunction.parameters.json ├── dlpservice.zip ├── enablesubscription.ps1 ├── logicapp │ ├── dlpaction.json │ ├── img │ │ ├── blank.md │ │ └── incident1.png │ ├── messageid.ps1 │ └── readme.md ├── mipservice │ ├── MIPService.zip │ ├── MIPmap.csv │ ├── SensitivityLabels.json │ ├── importwatch.ps1 │ └── readme.md └── msgtrace │ ├── ingestmsgtrace.ps1 │ ├── ingestmsgtrace_with_detail.ps1 │ └── readme.md ├── Sentinel_CloudApp ├── Azure_Sentinel_analytics_rules.json ├── EndpointSensitiveInfo.json ├── Label Statistics.json ├── MIPmap.csv └── readme.md ├── Sentinel_Deployment ├── deploymentScript.ps1 ├── functionPackage.zip ├── functionPackage │ ├── Modules │ │ └── AzMon.Ingestion │ │ │ ├── AzMon.Ingestion.psd1 │ │ │ ├── AzMon.Ingestion.psm1 │ │ │ ├── Azure.Core.dll │ │ │ ├── Azure.Identity.dll │ │ │ ├── Azure.Monitor.Ingestion.dll │ │ │ ├── Microsoft.Bcl.AsyncInterfaces.dll │ │ │ ├── Microsoft.Identity.Client.Extensions.Msal.dll │ │ │ ├── Microsoft.Identity.Client.dll │ │ │ ├── Microsoft.IdentityModel.Abstractions.dll │ │ │ ├── System.ClientModel.dll │ │ │ ├── System.Memory.Data.dll │ │ │ └── System.Security.Cryptography.ProtectedData.dll │ ├── QueueDLPEvents │ │ ├── function.json │ │ └── run.ps1 │ ├── StoreDLPEvents │ │ ├── function.json │ │ └── run.ps1 │ ├── SyncDLPAnalyticsRules │ │ ├── function.json │ │ ├── readme.md │ │ ├── run.ps1 │ │ └── workloads.json │ ├── SyncSensitivityLabels │ │ ├── function.json │ │ ├── readme.md │ │ └── run.ps1 │ ├── host.json │ ├── profile.ps1 │ ├── requirements.psd1 │ └── version.info ├── images │ ├── incident.png │ ├── incidentManagement.png │ └── lawid.png ├── main.bicep ├── main.json ├── modules │ ├── customDcrTables.bicep │ ├── functionApp.bicep │ ├── functionAppPE.bicep │ ├── keyVault.bicep │ ├── lawCustomTable.bicep │ ├── lawFunction.bicep │ ├── lawRoleAssignment.bicep │ ├── privateNetwork.bicep │ ├── sentinelRules.bicep │ ├── sentinelWatchlists.bicep │ └── sentinelWorkbooks.bicep ├── nuget.csproj ├── readme.md └── releaseNotes.md ├── V2Function_Investigate ├── EnableSubscription.ps1 ├── QueueEvents.ps1 └── StoreEvents.ps1 └── investigation ├── Enablesubscription.ps1 ├── QueueEvents.ps1 └── StoreEvents.ps1 /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/.gitignore -------------------------------------------------------------------------------- /ActivityFunctionApp.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/ActivityFunctionApp.ps1 -------------------------------------------------------------------------------- /AutomateDefender/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/AutomateDefender/Readme.md -------------------------------------------------------------------------------- /AutomateDefender/function.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/AutomateDefender/function.zip -------------------------------------------------------------------------------- /AzureADGraph.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/AzureADGraph.ps1 -------------------------------------------------------------------------------- /Enablesubscription.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Enablesubscription.ps1 -------------------------------------------------------------------------------- /FunctionApp1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/FunctionApp1.png -------------------------------------------------------------------------------- /FunctionApp2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/FunctionApp2.png -------------------------------------------------------------------------------- /FunctionApp3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/FunctionApp3.png -------------------------------------------------------------------------------- /FunctionApp4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/FunctionApp4.png -------------------------------------------------------------------------------- /FunctionApp5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/FunctionApp5.png -------------------------------------------------------------------------------- /HighVolumeDLP/analyst.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/HighVolumeDLP/analyst.txt -------------------------------------------------------------------------------- /HighVolumeDLP/multithreadanalyst.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/HighVolumeDLP/multithreadanalyst.ps1 -------------------------------------------------------------------------------- /HighVolumeDLP/newincident.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/HighVolumeDLP/newincident.ps1 -------------------------------------------------------------------------------- /HighVolumeDLP/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/HighVolumeDLP/readme.md -------------------------------------------------------------------------------- /HighVolumeDLP/sentinelupload: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/HighVolumeDLP/sentinelupload -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/LICENSE -------------------------------------------------------------------------------- /PBI_Report/AI Template III.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/AI Template III.pbit -------------------------------------------------------------------------------- /PBI_Report/AI Template V.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/AI Template V.pbit -------------------------------------------------------------------------------- /PBI_Report/Board IX.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/Board IX.pbit -------------------------------------------------------------------------------- /PBI_Report/Credentials I.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/Credentials I.pbit -------------------------------------------------------------------------------- /PBI_Report/DLP Stats Template III.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/DLP Stats Template III.pbit -------------------------------------------------------------------------------- /PBI_Report/Project VI.pbit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/Project VI.pbit -------------------------------------------------------------------------------- /PBI_Report/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/PBI_Report/Readme.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/README.md -------------------------------------------------------------------------------- /Sentinel/AnalyticsRule/SynchDLPAnalyticRulesOffice.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/AnalyticsRule/SynchDLPAnalyticRulesOffice.ps1 -------------------------------------------------------------------------------- /Sentinel/AnalyticsRule/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/AnalyticsRule/readme.md -------------------------------------------------------------------------------- /Sentinel/AnalyticsRule/ruletemplate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/AnalyticsRule/ruletemplate.yaml -------------------------------------------------------------------------------- /Sentinel/EndPoint/Functions.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPoint/Functions.zip -------------------------------------------------------------------------------- /Sentinel/EndPoint/Kudu.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPoint/Kudu.jpg -------------------------------------------------------------------------------- /Sentinel/EndPoint/dlpservice.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPoint/dlpservice.zip -------------------------------------------------------------------------------- /Sentinel/EndPoint/endpointruletemplate (3).yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPoint/endpointruletemplate (3).yaml -------------------------------------------------------------------------------- /Sentinel/EndPoint/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPoint/readme.md -------------------------------------------------------------------------------- /Sentinel/EndPoint/ruletemplate.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPoint/ruletemplate.txt -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/Analytics/SynchDLPAnalyticRulesEndpoint.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/Analytics/SynchDLPAnalyticRulesEndpoint.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/Analytics/endpointruletemplate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/Analytics/endpointruletemplate.yaml -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/Analytics/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/Analytics/readme.md -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/BlobtoSPO.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/BlobtoSPO.json -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/endpointdeploy.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/endpointdeploy.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/endpointscr.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/endpointscr.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/img/img1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/img/img1.png -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/img/img2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/img/img2.png -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/img/img3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/img/img3.png -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/img/img4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/img/img4.png -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/img/tst.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/DocumentCopy/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/DocumentCopy/readme.md -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/QueueDLPEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/QueueDLPEvents.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/Report/endpoint.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/Report/endpoint.json -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/Report/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/Report/readme.md -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/SensitiveInfoType.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/SensitiveInfoType.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/StoreEndpointDLPEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/StoreEndpointDLPEvents.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/deploysentinelfunction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/deploysentinelfunction.json -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/enablesubscription.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/enablesubscription.ps1 -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/endpointdlpservice.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/endpointdlpservice.zip -------------------------------------------------------------------------------- /Sentinel/EndPointDLP_preview/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/EndPointDLP_preview/readme.md -------------------------------------------------------------------------------- /Sentinel/QueueEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/QueueEvents.ps1 -------------------------------------------------------------------------------- /Sentinel/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Readme.md -------------------------------------------------------------------------------- /Sentinel/Report/Exchange & Teams DLP Report.workbook.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/Exchange & Teams DLP Report.workbook.json -------------------------------------------------------------------------------- /Sentinel/Report/SharePoint DLP Report.workbook.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/SharePoint DLP Report.workbook.json -------------------------------------------------------------------------------- /Sentinel/Report/img/report1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/img/report1.png -------------------------------------------------------------------------------- /Sentinel/Report/img/report2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/img/report2.png -------------------------------------------------------------------------------- /Sentinel/Report/img/report3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/img/report3.png -------------------------------------------------------------------------------- /Sentinel/Report/img/report4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/img/report4.png -------------------------------------------------------------------------------- /Sentinel/Report/img/test.md: -------------------------------------------------------------------------------- 1 | # blank 2 | -------------------------------------------------------------------------------- /Sentinel/Report/organization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/organization.json -------------------------------------------------------------------------------- /Sentinel/Report/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/Report/readme.md -------------------------------------------------------------------------------- /Sentinel/StoreEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/StoreEvents.ps1 -------------------------------------------------------------------------------- /Sentinel/deploySentinelfunction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/deploySentinelfunction.json -------------------------------------------------------------------------------- /Sentinel/deploySentinelfunction.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/deploySentinelfunction.parameters.json -------------------------------------------------------------------------------- /Sentinel/dlpservice.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/dlpservice.zip -------------------------------------------------------------------------------- /Sentinel/enablesubscription.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/enablesubscription.ps1 -------------------------------------------------------------------------------- /Sentinel/logicapp/dlpaction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/logicapp/dlpaction.json -------------------------------------------------------------------------------- /Sentinel/logicapp/img/blank.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Sentinel/logicapp/img/incident1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/logicapp/img/incident1.png -------------------------------------------------------------------------------- /Sentinel/logicapp/messageid.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/logicapp/messageid.ps1 -------------------------------------------------------------------------------- /Sentinel/logicapp/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/logicapp/readme.md -------------------------------------------------------------------------------- /Sentinel/mipservice/MIPService.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/mipservice/MIPService.zip -------------------------------------------------------------------------------- /Sentinel/mipservice/MIPmap.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/mipservice/MIPmap.csv -------------------------------------------------------------------------------- /Sentinel/mipservice/SensitivityLabels.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/mipservice/SensitivityLabels.json -------------------------------------------------------------------------------- /Sentinel/mipservice/importwatch.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/mipservice/importwatch.ps1 -------------------------------------------------------------------------------- /Sentinel/mipservice/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/mipservice/readme.md -------------------------------------------------------------------------------- /Sentinel/msgtrace/ingestmsgtrace.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/msgtrace/ingestmsgtrace.ps1 -------------------------------------------------------------------------------- /Sentinel/msgtrace/ingestmsgtrace_with_detail.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/msgtrace/ingestmsgtrace_with_detail.ps1 -------------------------------------------------------------------------------- /Sentinel/msgtrace/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel/msgtrace/readme.md -------------------------------------------------------------------------------- /Sentinel_CloudApp/Azure_Sentinel_analytics_rules.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_CloudApp/Azure_Sentinel_analytics_rules.json -------------------------------------------------------------------------------- /Sentinel_CloudApp/EndpointSensitiveInfo.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_CloudApp/EndpointSensitiveInfo.json -------------------------------------------------------------------------------- /Sentinel_CloudApp/Label Statistics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_CloudApp/Label Statistics.json -------------------------------------------------------------------------------- /Sentinel_CloudApp/MIPmap.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_CloudApp/MIPmap.csv -------------------------------------------------------------------------------- /Sentinel_CloudApp/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_CloudApp/readme.md -------------------------------------------------------------------------------- /Sentinel_Deployment/deploymentScript.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/deploymentScript.ps1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage.zip -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psd1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/AzMon.Ingestion.psm1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Azure.Core.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Azure.Core.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Azure.Identity.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Azure.Identity.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Azure.Monitor.Ingestion.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Azure.Monitor.Ingestion.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.Bcl.AsyncInterfaces.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.Bcl.AsyncInterfaces.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.Identity.Client.Extensions.Msal.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.Identity.Client.Extensions.Msal.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.Identity.Client.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.Identity.Client.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.IdentityModel.Abstractions.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/Microsoft.IdentityModel.Abstractions.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/System.ClientModel.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/System.ClientModel.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/System.Memory.Data.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/System.Memory.Data.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/System.Security.Cryptography.ProtectedData.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/Modules/AzMon.Ingestion/System.Security.Cryptography.ProtectedData.dll -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/QueueDLPEvents/function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/QueueDLPEvents/function.json -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/QueueDLPEvents/run.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/QueueDLPEvents/run.ps1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/StoreDLPEvents/function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/StoreDLPEvents/function.json -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/StoreDLPEvents/run.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/StoreDLPEvents/run.ps1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/function.json -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/readme.md -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/run.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/run.ps1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/workloads.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncDLPAnalyticsRules/workloads.json -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncSensitivityLabels/function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncSensitivityLabels/function.json -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncSensitivityLabels/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncSensitivityLabels/readme.md -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/SyncSensitivityLabels/run.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/SyncSensitivityLabels/run.ps1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/host.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/host.json -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/profile.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/profile.ps1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/requirements.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/functionPackage/requirements.psd1 -------------------------------------------------------------------------------- /Sentinel_Deployment/functionPackage/version.info: -------------------------------------------------------------------------------- 1 | 1.1.2 2 | -------------------------------------------------------------------------------- /Sentinel_Deployment/images/incident.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/images/incident.png -------------------------------------------------------------------------------- /Sentinel_Deployment/images/incidentManagement.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/images/incidentManagement.png -------------------------------------------------------------------------------- /Sentinel_Deployment/images/lawid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/images/lawid.png -------------------------------------------------------------------------------- /Sentinel_Deployment/main.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/main.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/main.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/main.json -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/customDcrTables.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/customDcrTables.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/functionApp.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/functionApp.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/functionAppPE.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/functionAppPE.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/keyVault.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/keyVault.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/lawCustomTable.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/lawCustomTable.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/lawFunction.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/lawFunction.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/lawRoleAssignment.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/lawRoleAssignment.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/privateNetwork.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/privateNetwork.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/sentinelRules.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/sentinelRules.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/sentinelWatchlists.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/sentinelWatchlists.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/modules/sentinelWorkbooks.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/modules/sentinelWorkbooks.bicep -------------------------------------------------------------------------------- /Sentinel_Deployment/nuget.csproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/nuget.csproj -------------------------------------------------------------------------------- /Sentinel_Deployment/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/readme.md -------------------------------------------------------------------------------- /Sentinel_Deployment/releaseNotes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/Sentinel_Deployment/releaseNotes.md -------------------------------------------------------------------------------- /V2Function_Investigate/EnableSubscription.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/V2Function_Investigate/EnableSubscription.ps1 -------------------------------------------------------------------------------- /V2Function_Investigate/QueueEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/V2Function_Investigate/QueueEvents.ps1 -------------------------------------------------------------------------------- /V2Function_Investigate/StoreEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/V2Function_Investigate/StoreEvents.ps1 -------------------------------------------------------------------------------- /investigation/Enablesubscription.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/investigation/Enablesubscription.ps1 -------------------------------------------------------------------------------- /investigation/QueueEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/investigation/QueueEvents.ps1 -------------------------------------------------------------------------------- /investigation/StoreEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/O365-ActivityFeed-AzureFunction/HEAD/investigation/StoreEvents.ps1 --------------------------------------------------------------------------------