PSGuerrilla
2.28.0
Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (205 security checks across 15 categories including transitive Tier-0 attack-path analysis, NTLM-relay preconditions,
Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (205 security checks across 15 categories including transitive Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 hygiene, telemetry posture, and adversary tradecraft indicators), Entra ID / Azure / Intune / M365 infiltration audit (202 checks, including a full 44-control EIDSCA baseline), and continuous monitoring across all four theaters (Entra ID sign-in risk, AD baseline monitoring, M365 audit log monitoring). Supports alerting via SendGrid, Mailgun, Twilio SMS, Teams, Slack, generic webhooks, PagerDuty, Pushover, Syslog (CEF/LEEF), and Windows Event Log.
Show more
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF PSGuerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Invoke-Lookout Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-GuerrillaMaturity Get-QuickWins Get-ComplianceCrosswalk Test-GuerrillaConditionalAccess Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Export-BloodHoundData Export-GuerrillaJUnit Show-Guerrilla
Dependencies
This module has no dependencies.
Release Notes
v2.28.0: New interactive findings filter in the Reconnaissance report - a Maester-style live filter bar (status + severity buttons + text search) over both findings tables, matching the Campaign report. New shared helper Get-GuerrillaFindingsFilterHtml; finding rows tagged gg-row/data-status/data-sev/data-text and filtered client-side (auto-opens collapsed categories so matches show, with a no-match notice; print-safe). Completes roadmap M3 (interactive report + Indicators of Exposure). Report-only: no engine/check/scoring changes (517 checks, 48 public functions). Samples regenerated. Test verify-report-sections.ps1 (39/39). Maester roadmap M1 (EIDSCA) + M2 (CA what-if) + M3 (report + IOE + filtering) + M4 (CI/CD) done; remaining M6 EXO/email depth (needs live tenant), M7 governance. Purple Knight fully addressed. v2.27.0: New Indicators of Exposure - a Purple-Knight-style ranked, severity-scored exposure view (Get-GuerrillaIndicatorsOfExposureHtml) added to the Reconnaissance, Google Workspace, Campaign, and Technical reports. Each open FAIL/WARN finding becomes a named indicator with its blast radius (affected-object count), ranked by severity then FAIL-before-WARN then impact, under a Critical/High/Medium/Low summary - the data you already collect, presented the way a CISO (or a Purple Knight user) reads it. Report-only: no engine/check/scoring changes (517 checks, 48 public functions). Samples regenerated (Infiltration/Campaign samples now include the 44 EIDSCA checks). Test verify-report-sections.ps1 (36/36). Maester roadmap M1 (EIDSCA) + M2 (CA what-if) + M4 (CI/CD) + M3 (Indicators of Exposure) done; remaining M3 interactive filtering polish, M6 EXO/email depth. Purple Knight presentation edge closed. See CHANGELOG.md for v2.27.0 and earlier.
FileList
- PSGuerrilla.nuspec
- Public\Test-Safehouse.ps1
- Public\Invoke-Infiltration.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Audit\Resolve-GooglePolicyValue.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\ADDomainForestChecks.json
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- LICENSE
- Public\Send-SignalPushover.ps1
- Public\Get-Patrol.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Audit\Compare-FortificationState.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Console\Write-SpectreTree.ps1
- Data\AuditChecks\EntraAppChecks.json
- Data\AuditChecks\GoogleTradecraftChecks.json
- Private\AD\Core\Get-ADCertificateServices.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- CHANGELOG.md
- Public\Get-TrendReport.ps1
- Public\Export-Dashboard.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Audit\Get-FortificationData.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Vault\Test-CredentialConnectivity.ps1
- Private\Console\Write-WiretapReport.ps1
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- PSGuerrilla.format.ps1xml
- Public\Export-BloodHoundData.ps1
- Public\Send-Signal.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Vault\Get-SafehouseSecret.ps1
- Private\Console\Write-FieldReport.ps1
- Data\AuditChecks\ADAttackPathChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Private\AD\Core\Get-ADFullDomainAcl.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\Entra\Core\Resolve-CAWhatIf.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- AI-USAGE.md
- Public\Send-SignalDigest.ps1
- Public\Export-BudgetJustification.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Vault\Save-SafehouseCredentialSet.ps1
- Private\Console\Write-FortificationReport.ps1
- Data\AuditChecks\TierZeroChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- README.md
- Public\Invoke-ReconDemo.ps1
- Public\Test-GuerrillaConditionalAccess.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Audit\Get-GuerrillaSimulatedFindings.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Vault\Get-SafehouseCredentialView.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Data\AuditChecks\M365AuditChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- CONTRIBUTING.md
- Public\Get-GuerrillaScore.ps1
- Public\Send-SignalEventLog.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\Console\Write-ProgressLine.ps1
- Data\AuditChecks\M365ExchangeChecks.json
- Data\AuditChecks\IntuneChecks.json
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- PSGuerrilla.psd1
- Public\Invoke-Watchtower.ps1
- Public\Show-Guerrilla.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Core\Get-OperationState.ps1
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- Public\Send-SignalTwilio.ps1
- Public\Get-GuerrillaMaturity.ps1
- Private\Core\Add-ScanHistoryEntry.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Audit\Invoke-GoogleTradecraftChecks.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- PSGuerrilla.psm1
- Public\Send-SignalSendGrid.ps1
- Public\Register-Patrol.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\Console\Write-CampaignReport.ps1
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Private\AD\Core\Resolve-ADSid.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- Public\Export-GuerrillaJUnit.ps1
- Public\Get-Safehouse.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Private\Console\Write-OperationHeader.ps1
- Data\AuditChecks\EidscaChecks.json
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Config\guerrilla-config-schema.json
- Public\Send-SignalMailgun.ps1
- Public\Export-ExecutiveSummary.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Google\Get-GoogleCloudIdentityPolicies.ps1
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Data\Profiles\K12-Baseline.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Config\guerrilla-defaults.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Fortification.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Vault\Read-MissionConfig.ps1
- Data\Profiles\Default-Baseline.json
- Data\AuditChecks\AuthenticationChecks.json
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Public\Invoke-Campaign.ps1
- Public\Set-Safehouse.ps1
- Public\Invoke-Surveillance.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Console\Write-GuerrillaText.ps1
- Data\Localization\en-US.json
- Data\AuditChecks\ADTradecraftChecks.json
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\Entra\Checks\Invoke-EntraEidscaChecks.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Public\Export-RemediationScripts.ps1
- Public\Export-ReportPdf.ps1
- Public\Send-SignalTeams.ps1
- Private\Core\Test-2svDisablement.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\AdminManagementChecks.json
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Checks\Invoke-ADAttackPathChecks.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Public\Set-RiskAcceptance.ps1
- Public\Invoke-Lookout.ps1
- Data\SuspiciousCountries.json
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Google\Get-GoogleGroupSettings.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Console\Write-SpectreTable.ps1
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Public\Get-QuickWins.ps1
- Public\Update-ThreatIntel.ps1
- Data\VpnTorProxies.json
- Private\Core\Save-TheaterState.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Gui\Show-AddCredentialDialog.ps1
- Private\Export\Get-GuerrillaReportSectionHtml.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Get-DeadDrop.ps1
- Data\ComplianceCrosswalk.json
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Console\Write-SpectreProgress.ps1
- Data\AuditChecks\OAuthSecurityChecks.json
- Data\AuditChecks\ADCertificateServicesChecks.json
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\Entra\Core\Resolve-EidscaControl.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Public\Send-SignalSyslog.ps1
- Public\Get-ComplianceCrosswalk.ps1
- Data\ThreatActorProfiles.json
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Console\Write-InterceptAlert.ps1
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Private\AD\Core\New-LdapConnection.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Public\Invoke-Wiretap.ps1
- Public\Export-RemediationPlaybook.ps1
- Data\RemediationCosts.json
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Console\Write-SpectrePanel.ps1
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\ADNetworkChecks.json
- Private\AD\Core\Get-ADAttackPath.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Public\Invoke-Recon.ps1
- Public\Invoke-Reconnaissance.ps1
- Data\CloudIpRanges.json
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Data\AuditChecks\M365TeamsChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Private\AD\Core\Get-ADTransitiveAttackPath.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Public\Send-SignalWebhook.ps1
- Public\Unregister-Patrol.ps1
- Data\HighRiskOAuthApps.json
- Private\Core\Get-IpGeoData.ps1
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\Entra\Core\Get-IntuneData.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Public\Get-RiskAcceptance.ps1
- Public\Send-SignalSlack.ps1
- Data\KnownAttackerIps.json
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Export\Get-GuerrillaReportTheme.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.37.0 | 5 | 6/27/2026 |
| 2.36.0 | 5 | 6/27/2026 |
| 2.35.0 | 6 | 6/26/2026 |
| 2.34.0 | 4 | 6/25/2026 |
| 2.33.0 | 3 | 6/25/2026 |
| 2.32.2 | 4 | 6/25/2026 |
| 2.32.1 | 4 | 6/25/2026 |
| 2.32.0 | 6 | 6/25/2026 |
| 2.31.0 | 7 | 6/24/2026 |
| 2.30.3 | 5 | 6/24/2026 |
| 2.30.2 | 5 | 6/24/2026 |
| 2.30.1 | 6 | 6/24/2026 |
| 2.30.0 | 6 | 6/24/2026 |
| 2.29.1 | 7 | 6/22/2026 |
| 2.29.0 | 4 | 6/22/2026 |
| 2.28.1 | 4 | 6/22/2026 |
| 2.28.0 (current version) | 4 | 6/22/2026 |
| 2.27.0 | 5 | 6/22/2026 |
| 2.26.0 | 7 | 6/22/2026 |
| 2.25.0 | 4 | 6/22/2026 |
| 2.24.0 | 8 | 6/22/2026 |
| 2.23.0 | 6 | 6/21/2026 |
| 2.22.0 | 8 | 6/21/2026 |
| 2.21.0 | 7 | 6/21/2026 |
| 2.20.1 | 5 | 6/21/2026 |
| 2.20.0 | 4 | 6/21/2026 |
| 2.19.0 | 6 | 6/21/2026 |
| 2.18.0 | 7 | 6/21/2026 |
| 2.17.0 | 5 | 6/21/2026 |
| 2.16.0 | 5 | 6/21/2026 |
| 2.15.0 | 9 | 6/21/2026 |
| 2.14.1 | 8 | 6/20/2026 |
| 2.14.0 | 8 | 6/20/2026 |
| 2.13.0 | 7 | 6/20/2026 |
| 2.12.1 | 6 | 6/20/2026 |
| 2.12.0 | 9 | 6/20/2026 |
| 2.11.1 | 6 | 6/20/2026 |
| 2.11.0 | 5 | 6/19/2026 |
| 2.10.8 | 11 | 6/19/2026 |
| 2.10.7 | 16 | 6/19/2026 |
| 2.10.6 | 5 | 6/19/2026 |
| 2.10.5 | 6 | 6/19/2026 |
| 2.10.4 | 14 | 6/18/2026 |
| 2.10.3 | 9 | 6/18/2026 |
| 2.10.2 | 8 | 6/18/2026 |
| 2.10.1 | 7 | 6/18/2026 |
| 2.10.0 | 6 | 6/18/2026 |
| 2.9.4 | 7 | 6/18/2026 |
| 2.9.3 | 7 | 6/18/2026 |
| 2.9.2 | 5 | 6/18/2026 |
| 2.9.1 | 5 | 6/18/2026 |
| 2.9.0 | 9 | 6/17/2026 |
| 2.8.1 | 7 | 6/17/2026 |
| 2.8.0 | 7 | 6/17/2026 |
| 2.7.0 | 11 | 6/17/2026 |
| 2.6.0 | 6 | 6/16/2026 |
| 2.5.2 | 7 | 6/16/2026 |
| 2.5.1 | 6 | 6/16/2026 |
| 2.5.0 | 6 | 6/16/2026 |
| 2.4.4 | 6 | 6/16/2026 |
| 2.4.3 | 6 | 6/16/2026 |
| 2.4.2 | 7 | 6/16/2026 |
| 2.4.1 | 8 | 6/15/2026 |
| 2.4.0 | 9 | 6/11/2026 |
| 2.3.1 | 12 | 5/28/2026 |
| 2.3.0 | 5 | 5/28/2026 |
| 2.2.1 | 12 | 5/15/2026 |
| 2.2.0 | 4 | 5/15/2026 |