Hunt and Respond to Microsoft Cloud Threats with Open-Source Precision
Efficiently gather forensic data from Microsoft cloud environments with automated collection processes.
Analyze security configurations, audit logs, and user activities across your Microsoft cloud environment.
Generate both easy-to-read CSV reports and structured JSON data for advanced analysis and SIEM integration.
Install-Module -Name Hawk
Hawk is available through the PowerShell Gallery. Simply open a PowerShell terminal and run the command above to get started.
Commands that start with Verb-HawkTenant analyze tenant-wide settings:
Verb-HawkTenant
Commands that start with Verb-HawkUser focus on individual user investigation:
Verb-HawkUser
Everyone is welcome to contribute to this tool. The goal of the Hawk tool is to be a community-led tool that provides security support professionals with the tools they need to quickly and easily gather data from the Microsoft cloud. Whether it's maintaining this web page, submitting feature requests / bug fixes, or laying down some PowerShell code, we welcome you all!
Select an open issue and start contributing today! For questions on the project, contact the Hawk dev team via the GitHub questions form.
Have ideas for improvement? Submit a feature request and we will get right on it!
Spotted a bug? Let us know so we can patch up Hawk!