hawk icon indicating copy to clipboard operation
hawk copied to clipboard
verified publisher icon T0pCyber

Question: Can you search for user agent strings?

Open PhranqueG opened this issue 9 months ago • 2 comments

Your Question

Is there a function for searching for specific user agent strings across the tenant?

PhranqueG avatar Mar 14 '25 02:03 PhranqueG

@PhranqueG , there is not a specific function that searches for specific user agent strings across the tenant. However, there are functions that do pull back User Agent strings as part of a larger data set. Some of those being

  • Get-HawkUserMailItemsAccessed (ClientInfoString column)
  • Get-HawkUserMailSendActivity (ClientInfoString column)
  • Get-HawkTenantRiskDetections (AdditionalInfo_userAgent column)

There should be some other functions that pull back UserAgent Strings as well. May I ask what your particular use case is for the User Agent Strings across the entire tenant?

jonnybottles avatar Mar 14 '25 14:03 jonnybottles

@jonnybottles, there is a distinct user agent associated with suspicious login activities. I would like to search the entire tenant to flag activity associated with the user agent to quickly detect the user accounts involved.

PhranqueG avatar Mar 14 '25 15:03 PhranqueG