A collection of scripts for finding threats in Office365.
This tool requires Requests, Requests-cache and Jinja2. These can be installed with:
pip install -r requirements.txt
Setting it up requires administrative access to the AzureAD & Office365 environment, but no specific account is required for its continued use.
You will need to create a new application registration in the AzureAD portal and grant it the following permissions at the application level and grant admin consent for them:
- Microsoft Graph
Next, generate a secret and make a record of the secret string as well as the app/client ID.
You will then need to make a copy of config.example.py and update it with your own domain, app ID and secret.
Just run riskyrules.py. No arguments are required, and once the script has finished the report will be saved as report.html in the current directory.