PSGuerrilla
2.13.0
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF PSGuerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Invoke-Lookout Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-QuickWins Get-ComplianceCrosswalk Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Show-Guerrilla
Dependencies
This module has no dependencies.
Release Notes
v2.13.0: Google Workspace coverage expansion - GWS is now 104 checks (466 total, up from 98/460). Six net-new policy checks: AUTH-014 2SV enrollment allowed (security.two_step_verification_enrollment), AUTH-015 2SV enrollment grace period (security.two_step_verification_grace_period), AUTH-016 Advanced Protection self-enrollment (security.advanced_protection_program), AUTH-017 super-admin self-recovery -> FAIL (security.super_admin_account_recovery), COLLAB-011 Meet external-participant labeling (meet.safety_external_participants), COLLAB-012 Meet host management (meet.safety_host_management). Plus ADMIN-008/009 converted from placeholders to real checks via directory.workspace_resource_type_visibility (WARN on broad directory exposure). 39 of 104 GWS checks now read live Cloud Identity policy. All read-only, weakest-OU-wins, API-unavailable -> SKIP. Test-mode Fortification: 104 findings, 0 ERROR. New suites verify-gws1-{auth,collab,admin}-p3.ps1. AD 204 / Entra 158 unchanged. v2.12.1: Live-validation fixes. (1) Invoke-Lookout drift was non-functional - Get/Save-TheaterState ValidateSet rejected the workspace theater, so the baseline never persisted and every run re-baselined; added workspace to the ValidateSet, plus a real-state two-run regression test. (2) Confirmed-enum tighten-ups from a live tenant: COLLAB-008 EXTERNAL_ALL_INFO_* (full event details shared externally) -> FAIL and EXTERNAL_FREE_BUSY_ONLY/EXTERNAL_NO_SHARING -> PASS; OAUTH-006 corrected - api_controls.app_approval_requests.allowedForAll=ENABLED is the app-access request-and-approve workflow (admin still approves) -> PASS, not insecure; OAUTH-001 UNSPECIFIED_UBER_BLOCK confirmed block-all -> PASS. (3) EMAIL-019 remediation reworded. ADMIN-008/009 convertible via directory.workspace_resource_type_visibility (deferred pending direction). Check counts unchanged (204/98/158); all GWS-1 + Lookout suites green. v2.12.0: Google Workspace continuous monitoring: new Invoke-Lookout cmdlet - the GWS configuration-drift monitor that joins Invoke-Surveillance (Entra), Invoke-Watchtower (AD), and Invoke-Wiretap (M365). It runs the read-only Fortification posture audit, stores a baseline, and on each subsequent run reports newly-failing controls (drift), resolved controls, and the posture-score change; complements Invoke-Recon (behavioural) by watching configuration. First run baselines, -Force re-baselines, -ScanMode Fast (default, via Fortification -Quick) or Full. New failures surface on .NewThreats for alerting; baseline stored under theater workspace; built on the existing Compare-FortificationState engine. Register-Patrol now schedules Invoke-Lookout for the Workspace theater alongside Invoke-Recon. Read-only - no changes to Google Workspace. 44 public functions now. Check counts unchanged (204/98/158). Test verify-lookout.ps1 (16/16). v2.11.1: GWS-1 coverage extension: 7 more Fortification checks now read live Cloud Identity policy (33 real policy-backed checks total, up from 26). EMAIL-018 Compliance Rules (gmail.content_compliance), EMAIL-019 DLP Rules (rule.dlp, active Gmail-scoped), DRIVE-010 Drive DLP Rules (rule.dlp, active Drive-scoped), ADMIN-010 Groups external membership and ADMIN-011 group-creation restriction (groups_for_business.groups_sharing), COLLAB-004 Chat external comms (chat.external_chat_restriction) and COLLAB-008 Calendar external sharing (calendar.primary_calendar_max_allowed_external_sharing) - the two COLLAB checks keep their OrgUnitPolicies path as a fallback. Same rails: weakest-OU-wins, API-unavailable/policy-absent -> SKIP, unrecognized enums -> WARN never PASS, anchored DLP state matching. Check counts unchanged (204/98/158). New tests verify-gws1-{email,drive,admin,collab}-p2.ps1, all green. See CHANGELOG.md for v2.11.0 and earlier.
FileList
- PSGuerrilla.nuspec
- LICENSE
- Public\Get-TrendReport.ps1
- Public\Send-Signal.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Vault\Get-SafehouseSecret.ps1
- Private\Console\Write-WiretapReport.ps1
- Data\AuditChecks\EntraAppChecks.json
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- CHANGELOG.md
- Public\Send-SignalDigest.ps1
- Public\Export-BudgetJustification.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Vault\Save-SafehouseCredentialSet.ps1
- Private\Console\Write-FieldReport.ps1
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- PSGuerrilla.format.ps1xml
- Public\Invoke-ReconDemo.ps1
- Public\Send-SignalEventLog.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Audit\Get-GuerrillaSimulatedFindings.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Vault\Get-SafehouseCredentialView.ps1
- Private\Console\Write-FortificationReport.ps1
- Data\AuditChecks\ADAttackPathChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- AI-USAGE.md
- Public\Get-GuerrillaScore.ps1
- Public\Show-Guerrilla.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Data\AuditChecks\TierZeroChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- README.md
- Public\Invoke-Watchtower.ps1
- Public\Register-Patrol.ps1
- Private\Core\Add-ScanHistoryEntry.ps1
- Private\Core\Get-OperationState.ps1
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\Console\Write-ProgressLine.ps1
- Data\AuditChecks\M365AuditChecks.json
- Data\AuditChecks\IntuneChecks.json
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- PSGuerrilla.psd1
- Public\Send-SignalTwilio.ps1
- Public\Get-Safehouse.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Data\AuditChecks\M365ExchangeChecks.json
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- PSGuerrilla.psm1
- Public\Send-SignalSendGrid.ps1
- Public\Export-ExecutiveSummary.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- Public\Send-SignalMailgun.ps1
- Public\Invoke-Fortification.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Private\Console\Write-CampaignReport.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Private\AD\Core\Resolve-ADSid.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- Config\guerrilla-config-schema.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Surveillance.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Google\Get-GoogleCloudIdentityPolicies.ps1
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Private\Console\Write-OperationHeader.ps1
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- Config\guerrilla-defaults.json
- Public\Set-Safehouse.ps1
- Public\Send-SignalTeams.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Vault\Read-MissionConfig.ps1
- Data\Profiles\K12-Baseline.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Public\Invoke-Campaign.ps1
- Public\Export-ReportPdf.ps1
- Data\SuspiciousCountries.json
- Private\Core\Test-2svDisablement.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Console\Write-GuerrillaText.ps1
- Data\Profiles\Default-Baseline.json
- Data\AuditChecks\AuthenticationChecks.json
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Public\Export-RemediationScripts.ps1
- Public\Invoke-Lookout.ps1
- Data\VpnTorProxies.json
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Data\Localization\en-US.json
- Data\AuditChecks\ADTradecraftChecks.json
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\AD\Checks\Invoke-ADAttackPathChecks.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Public\Set-RiskAcceptance.ps1
- Public\Update-ThreatIntel.ps1
- Data\ComplianceCrosswalk.json
- Private\Core\Save-TheaterState.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Gui\Show-AddCredentialDialog.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Console\Write-SpectreTable.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\AdminManagementChecks.json
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Public\Get-QuickWins.ps1
- Public\Get-DeadDrop.ps1
- Data\ThreatActorProfiles.json
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Get-ComplianceCrosswalk.ps1
- Data\RemediationCosts.json
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Console\Write-SpectreProgress.ps1
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Public\Send-SignalSyslog.ps1
- Public\Export-RemediationPlaybook.ps1
- Data\CloudIpRanges.json
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Console\Write-InterceptAlert.ps1
- Data\AuditChecks\OAuthSecurityChecks.json
- Data\AuditChecks\ADCertificateServicesChecks.json
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Public\Invoke-Wiretap.ps1
- Public\Invoke-Reconnaissance.ps1
- Data\HighRiskOAuthApps.json
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Console\Write-SpectrePanel.ps1
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Private\AD\Core\New-LdapConnection.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Public\Invoke-Recon.ps1
- Public\Unregister-Patrol.ps1
- Data\KnownAttackerIps.json
- Private\Core\Get-IpGeoData.ps1
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\ADNetworkChecks.json
- Private\AD\Core\Get-ADAttackPath.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Public\Send-SignalWebhook.ps1
- Public\Send-SignalSlack.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Export\Get-GuerrillaReportTheme.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Data\AuditChecks\M365TeamsChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Public\Get-RiskAcceptance.ps1
- Public\Invoke-Infiltration.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Audit\Resolve-GooglePolicyValue.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Public\Test-Safehouse.ps1
- Public\Get-Patrol.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Audit\Compare-FortificationState.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\Entra\Core\Get-IntuneData.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Public\Send-SignalPushover.ps1
- Public\Export-Dashboard.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Audit\Get-FortificationData.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Vault\Test-CredentialConnectivity.ps1
- Private\Console\Write-SpectreTree.ps1
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\ADDomainForestChecks.json
- Private\AD\Core\Get-ADCertificateServices.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.37.0 | 5 | 6/27/2026 |
| 2.36.0 | 5 | 6/27/2026 |
| 2.35.0 | 6 | 6/26/2026 |
| 2.34.0 | 4 | 6/25/2026 |
| 2.33.0 | 3 | 6/25/2026 |
| 2.32.2 | 4 | 6/25/2026 |
| 2.32.1 | 4 | 6/25/2026 |
| 2.32.0 | 6 | 6/25/2026 |
| 2.31.0 | 7 | 6/24/2026 |
| 2.30.3 | 5 | 6/24/2026 |
| 2.30.2 | 5 | 6/24/2026 |
| 2.30.1 | 6 | 6/24/2026 |
| 2.30.0 | 6 | 6/24/2026 |
| 2.29.1 | 7 | 6/22/2026 |
| 2.29.0 | 4 | 6/22/2026 |
| 2.28.1 | 4 | 6/22/2026 |
| 2.28.0 | 4 | 6/22/2026 |
| 2.27.0 | 5 | 6/22/2026 |
| 2.26.0 | 7 | 6/22/2026 |
| 2.25.0 | 4 | 6/22/2026 |
| 2.24.0 | 8 | 6/22/2026 |
| 2.23.0 | 6 | 6/21/2026 |
| 2.22.0 | 8 | 6/21/2026 |
| 2.21.0 | 7 | 6/21/2026 |
| 2.20.1 | 5 | 6/21/2026 |
| 2.20.0 | 4 | 6/21/2026 |
| 2.19.0 | 6 | 6/21/2026 |
| 2.18.0 | 7 | 6/21/2026 |
| 2.17.0 | 5 | 6/21/2026 |
| 2.16.0 | 5 | 6/21/2026 |
| 2.15.0 | 9 | 6/21/2026 |
| 2.14.1 | 8 | 6/20/2026 |
| 2.14.0 | 8 | 6/20/2026 |
| 2.13.0 (current version) | 7 | 6/20/2026 |
| 2.12.1 | 6 | 6/20/2026 |
| 2.12.0 | 9 | 6/20/2026 |
| 2.11.1 | 6 | 6/20/2026 |
| 2.11.0 | 5 | 6/19/2026 |
| 2.10.8 | 11 | 6/19/2026 |
| 2.10.7 | 16 | 6/19/2026 |
| 2.10.6 | 5 | 6/19/2026 |
| 2.10.5 | 6 | 6/19/2026 |
| 2.10.4 | 14 | 6/18/2026 |
| 2.10.3 | 9 | 6/18/2026 |
| 2.10.2 | 8 | 6/18/2026 |
| 2.10.1 | 7 | 6/18/2026 |
| 2.10.0 | 6 | 6/18/2026 |
| 2.9.4 | 7 | 6/18/2026 |
| 2.9.3 | 7 | 6/18/2026 |
| 2.9.2 | 5 | 6/18/2026 |
| 2.9.1 | 5 | 6/18/2026 |
| 2.9.0 | 9 | 6/17/2026 |
| 2.8.1 | 7 | 6/17/2026 |
| 2.8.0 | 7 | 6/17/2026 |
| 2.7.0 | 11 | 6/17/2026 |
| 2.6.0 | 6 | 6/16/2026 |
| 2.5.2 | 7 | 6/16/2026 |
| 2.5.1 | 6 | 6/16/2026 |
| 2.5.0 | 6 | 6/16/2026 |
| 2.4.4 | 6 | 6/16/2026 |
| 2.4.3 | 6 | 6/16/2026 |
| 2.4.2 | 7 | 6/16/2026 |
| 2.4.1 | 8 | 6/15/2026 |
| 2.4.0 | 9 | 6/11/2026 |
| 2.3.1 | 12 | 5/28/2026 |
| 2.3.0 | 5 | 5/28/2026 |
| 2.2.1 | 12 | 5/15/2026 |
| 2.2.0 | 4 | 5/15/2026 |