O365_Unified_Auditlog_parser

1.6

O365 auditlog (Unified log) parser.

Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv

The downloaded log has 4 columns:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is a messy string in which the data is delimited with ; , and [], so you can't really import it into Excel and filter it reasonably for examination.
Another problem: different services log more or less data, so there is no fixed number of columns.

This parser modifies the Auditdata column, creates a table, and exports the parsed CSV file (to be imported into Excel).
More comments inside the script.

You can run this from the command line, giving the source directory+file and destination directory+file as arguments.
If they are omitted, the script will ask for the source file.

Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
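
The variable-column problem described above can be handled as in the following added example, which is not the script's own code. It assumes each Auditdata cell holds a JSON object; the sample rows, the function name Convert-AuditRow and the AuditData_ column prefix are constructed for illustration.

```powershell
# Added example: flatten the AuditData column into one column per property.
# Assumption: each AuditData cell is a JSON object. Sample rows are constructed.
$csv = @'
CreationDate,UserIds,Operations,AuditData
2019-04-22T08:15:02Z,alice@example.com,FileAccessed,"{""Workload"":""SharePoint"",""ClientIP"":""203.0.113.10"",""ObjectId"":""https://example.sharepoint.com/doc.docx""}"
2019-04-22T08:17:45Z,bob@example.com,UserLoggedIn,"{""Workload"":""AzureActiveDirectory"",""ClientIP"":""198.51.100.7"",""ExtendedProperties"":[{""Name"":""UserAgent"",""Value"":""Mozilla/5.0""}]}"
2019-04-22T08:20:11Z,carol@example.com,MailItemsAccessed,"not-json"
'@

function Convert-AuditRow {
    param([Parameter(Mandatory)] $Row)
    $flat = [ordered]@{
        CreationDate = $Row.CreationDate
        UserIds      = $Row.UserIds
        Operations   = $Row.Operations
    }
    try {
        $data = $Row.AuditData | ConvertFrom-Json -ErrorAction Stop
    } catch {
        # Keep unparseable rows visible instead of silently dropping evidence.
        $flat['AuditDataRaw'] = $Row.AuditData
        return [pscustomobject]$flat
    }
    foreach ($p in $data.PSObject.Properties) {
        $v = $p.Value
        # Nested arrays/objects are re-serialised so each stays in a single cell.
        if ($null -ne $v -and $v -isnot [string] -and $v -isnot [ValueType]) {
            $v = ConvertTo-Json -InputObject $v -Compress -Depth 5
        }
        # Prefix avoids collisions with the three fixed columns.
        $flat["AuditData_$($p.Name)"] = $v
    }
    [pscustomobject]$flat
}

$rows = $csv | ConvertFrom-Csv | ForEach-Object { Convert-AuditRow $_ }

# ConvertTo-Csv/Export-Csv take the header from the first object only, so build
# the union of all property names first; otherwise fields that appear only in
# later rows (here ExtendedProperties and AuditDataRaw) would be lost.
$columns = $rows | ForEach-Object { $_.PSObject.Properties.Name } | Select-Object -Unique

$rows | Select-Object -Property $columns | ConvertTo-Csv -NoTypeInformation
```

Rows from services that log fewer fields get empty cells in the columns they lack, so the output stays rectangular and can be filtered in Excel.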



Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Script -Name O365_Unified_Auditlog_parser

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

mikko@lavento.com

Tags

O365 UnifiedAuditlog Auditlog parser

Dependencies

This script has no dependencies.

Release Notes

Cleaned up some lines and made the description more accurate.
Added a feature to accept the source directory+file and destination directory+file as arguments.
If they are omitted, the script will ask for the source file.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Also added columns: ImplicitShare, ModifiedProperties, SupportTicketId

Version History

Version | Downloads | Last updated
1.6 (current version) | 733 | 5/3/2019
1.5 | 32 | 4/30/2019
1.4 | 119 | 1/17/2019
1.3 | 112 | 6/6/2018
1.2 | 15 | 5/29/2018
1.1 | 31 | 5/29/2018
1.0 | 14 | 5/27/2018