Commit

Merge pull request #65 from ddbnl/interactive

Interactive

ddbnl authored Mar 24, 2024
2 parents 25068d8 + bd3f485 commit 04fa082
Showing 19 changed files with 1,957 additions and 277 deletions.
429 changes: 345 additions & 84 deletions Cargo.lock

Large diffs are not rendered by default.

13 changes: 9 additions & 4 deletions Cargo.toml
@@ -6,22 +6,27 @@ edition = "2021"

[dependencies]
anyhow = "1.0.81"
log = "0.4.16"
simple_logger = "4.3.3"
tui-scrollview = "0.3.2"
ratatui = { version = "0.26.1", features = [] }
crossterm = { version = "0.27.0", features = ["event-stream"] }
color-eyre = "0.6.3"
chrono = "0.4.19"
futures = "0.3.21"
reqwest = {version = "0.11.10", features = ["blocking", "json"]}
tokio = {version="1.17.0", features=["full"]}
tokio = { version = "1.17.0", features = ["full"] }
tokio-stream = "0.1.8"
serde="1.0.136"
serde = "1.0.136"
serde_yaml = "0.9.32"
serde_json="1.0.79"
serde_derive = "1.0.136"
clap = { version = "4.5.2", features = ["derive"] }
csv = "1.3.0"
log = { version = "0.4.21", features = ["std"] }
poston = "0.7.8"
base64 = "0.22.0"
hmac = "0.12.1"
sha2 = "0.10.8"
async-trait = "0.1.77"
simple-logging = "2.0.2"
tokio-util = "0.7.10"
signal-hook = "0.3.17"
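Review bot: the dependency list now carries two logging facades (`simple_logger = "4.3.3"` and `simple-logging = "2.0.2"`) and two error-handling crates (`anyhow` and `color-eyre`); if the interactive rewrite made one of each pair redundant, remove it so the build and the audited dependency surface don't carry unused crates. The matching 429-line Cargo.lock change is not rendered on this page, so the transitive tree pulled in by `ratatui`, `crossterm` and `tui-scrollview` cannot be reviewed here; running `cargo audit` (or `cargo deny check advisories`) against the lock file before cutting the release binaries would cover that.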
11 changes: 11 additions & 0 deletions README.md
@@ -18,10 +18,19 @@ rewrite, I'm hoping I'll be able to maintain the smaller codebase in my limited
- Csv file
- Graylog
- Fluentd
- Azure Log Analytics

If you were using an interface that was dropped, keep using the previous version and raise an issue asking for the
interface to be included. I don't mind writing an interface for one person, I only mind writing it for no one.


#### Interactive interface

An interactive terminal interface was added, which allows testing the API connection, retrieving logs, and load testing
by downloading each log an arbitrary number of times. This should allow live troubleshooting and testing, which might
make solving issues easier. You can use it by running the collector as normal, only adding the '--interactive' command
line parameter.

#### Add container releases

While binaries will still be available, the primary method of release should be containers. This will hopefully
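Review bot: the new 'Interactive interface' paragraph should say that the load-test mode downloads each log from the tenant's API the configured number of times, so a large count generates real traffic against the Office API and can run into its throttling; one sentence pointing at the `duplicate` setting in the config example and advising to leave it at 1 outside of testing would be enough.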
@@ -32,6 +41,8 @@ be necessary.

# Office365 audit log collector

![Screenshot.jpg](Screenshot.jpg)

Collect/retrieve Office365, Azure and DLP audit logs, optionally filter them, then send them to one or more outputs
(see full list below).
Onboarding is easy and takes only a few minutes (see 'Onboarding' section). There are Windows and Linux executables.
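Review bot: Screenshot.jpg is added as a binary in this commit and cannot be seen in this view; since it presumably shows the collector running against a tenant, confirm before release that it contains no real tenant ID, application (client) ID, user principal names or log content from a live tenant, and prefer a capture from a test tenant or one with those fields redacted.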
1 change: 0 additions & 1 deletion Release/ConfigExamples/CsvOutput.yaml
@@ -1,5 +1,4 @@
collect:
skipKnownLogs: True
workingDir: /app
contentTypes:
Audit.General: True
1 change: 1 addition & 0 deletions Release/ConfigExamples/fullConfig.yaml
@@ -15,6 +15,7 @@ collect: # Settings determining which audit logs to collect and how to do it
retries: 3 # Times to retry retrieving a content blob if it fails
skipKnownLogs: True # Remember retrieved log blobs, don't collect them twice
hoursToCollect: 24 # Look back this many hours for audit logs (max supported by Office API is 168)
duplicate: 1 # Amount of times to download each log, can be used for performance testing by inflating the number of logs to download. Default is 1
filter: # Only logs that match ALL filters for a content type are collected. Leave empty to collect all
Audit.General:
Audit.AzureActiveDirectory:
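Review bot: the comment on `duplicate: 1` should state the accepted range and what the collector does with 0 or a negative value (reject the config, or treat it as 1), and make explicit that any value above 1 multiplies the calls made to the Office API, so it belongs in test configurations only; validating the value when the config is loaded and logging a warning whenever it exceeds 1 would keep an accidentally copied load-test config from hammering a production tenant.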
4 changes: 2 additions & 2 deletions Release/Linux/OfficeAuditLogCollector
Git LFS file not shown
4 changes: 2 additions & 2 deletions Release/Windows/OfficeAuditLogCollector.exe
Git LFS file not shown
Binary file added Screenshot.jpg

0 comments on commit 04fa082