Jonathan Butler
Jonathan Butler
## What Happened? When running tenant investigation functions in **PowerShell Core** (but not **PowerShell Desktop**), several functions generate unwanted `Suggestion [4,General]: The most similar commands are...` messages after completing their...
## What problem would this feature solve? The existing `Get-HawkUserHiddenRule` function relies on the **EWS Managed API 2.2**, which is now deprecated and depends on a specific DLL (`Microsoft.Exchange.WebServices.dll`) that...
### What problem would this feature solve? The current test suite for Hawk relies on Pester 3.x syntax and practices, which are incompatible with Pester 5.x. This results in test...
### What problem would this feature solve? Currently, Hawk does not have an active capability for tenant-wide inbox rule artifact collection due to the removal of the `RobustCloudCommand` dependency. This...
### What happened? The IP Stack API key management in Hawk has several usability issues: 1. If users skip entering the API key on the first prompt, it saves an...
## What Problem Would This Feature Solve? `Get-HawkTenantUnifiedAuditLog` is currently **non-functional** and does not return results for the Unified Audit Log (UAL). This results in the following issues: - The...
### What is this feature about? This feature aims to expand the capabilities of the existing `Get-HawkTenantEDiscoveryConfiguration` function to detect modern eDiscovery roles assigned through the Microsoft 365 Security &...
## What problem would this feature solve? Currently, `Get-HawkUserEntraIDSignInLog` retrieves sign-in logs from Microsoft Entra ID but does not provide IP geolocation information for the sign-in events. This makes it...
# Title: Automate Hawk Permissions Configuration – Two Approaches ## Feature Provide two separate methods to automate Hawk’s permissions setup: 1. **Goose-Style App Registration** – Creating an Azure AD application,...
## **What problem would this feature solve?** Currently, Hawk outputs JSON logs in standard JSON format, which is human-readable but not optimized for SIEM ingestion. NDJSON (Newline Delimited JSON) offers...