Modify Get-HawkTenantConsentGrant investigate output to reflect outpu…

…t of other investigate logs.

Hawk/functions/Tenant/Get-HawkTenantAdminInboxRuleCreation.ps1

@@ -82,7 +82,7 @@ Function Get-HawkTenantAdminInboxRuleCreation {
 
                 if ($SuspiciousRules) {
                     Out-LogFile "Found $($SuspiciousRules.Count) inbox rule creation events" -Notice
-                    Out-LogFile "Please verify this activity is legitimate. Details in _Investigate_Admin_Inbox_Rules_Creation.csv/json" -Notice
+                    Out-LogFile "Please verify this activity is legitimate."-Notice
                     $SuspiciousRules | Out-MultipleFileType -FilePrefix "_Investigate_Admin_Inbox_Rules_Creation" -csv -json -Notice
                 }
             }

Hawk/functions/Tenant/Get-HawkTenantAdminInboxRuleModification.ps1

@@ -86,7 +86,7 @@ Function Get-HawkTenantAdminInboxRuleModification {
 
                 if ($SuspiciousModifications) {
                     Out-LogFile "Found $($SuspiciousModifications.Count) inbox rule modification events" -Notice
-                    Out-LogFile "Please verify this activity is legitimate. Details in _Investigate_Admin_Inbox_Rules_Modification.csv/json" -Notice
+                    Out-LogFile "Please verify this activity is legitimate." -Notice
                     $SuspiciousModifications | Out-MultipleFileType -FilePrefix "_Investigate_Admin_Inbox_Rules_Modification" -csv -json -Notice
                 }
             }

Hawk/functions/Tenant/Get-HawkTenantAdminInboxRuleRemoval.ps1

@@ -80,7 +80,7 @@ Function Get-HawkTenantAdminInboxRuleRemoval {
 
                 if ($SuspiciousRemovals) {
                     Out-LogFile "Found $($SuspiciousRemovals.Count) inbox rule removal events" -Notice
-                    Out-LogFile "Please verify this activity is legitimate. Details in _Investigate_Admin_Inbox_Rules_Removal.csv/json" -Notice
+                    Out-LogFile "Please verify this activity is legitimate." -Notice
                     $SuspiciousRemovals | Out-MultipleFileType -FilePrefix "_Investigate_Admin_Inbox_Rules_Removal" -csv -json -Notice
                 }
             }

Hawk/functions/Tenant/Get-HawkTenantAdminMailboxPermissionChange.ps1

@@ -80,7 +80,7 @@ Function Get-HawkTenantAdminMailboxPermissionChange {
 
                 if ($SensitiveGrants) {
                     Out-LogFile "Found $($SensitiveGrants.Count) mailbox permission changes" -Notice
-                    Out-LogFile "Please verify this activity is legitimate. Details in _Investigate_Mailbox_Permission_Change.csv/json" -Notice
+                    Out-LogFile "Please verify this activity is legitimate."-Notice
                     $SensitiveGrants | Out-MultipleFileType -FilePrefix "_Investigate_Mailbox_Permission_Change" -csv -json -Notice
                 }
             }

Hawk/functions/Tenant/Get-HawkTenantConsentGrant.ps1

@@ -98,7 +98,7 @@
     }
 
     if ($flag) {
-        Out-LogFile "Please verify these grants are legitimate / required. Details in _Investigate_Consent_Grants.csv/json" -Notice
+        Out-LogFile "Please verify these grants are legitimate / required." -Notice
         Out-LogFile 'For more information on understanding these results results, visit' -Notice
         Out-LogFile 'https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants' -Notice
 

Hawk/functions/Tenant/Get-HawkTenantRiskyUsers.ps1

@@ -144,7 +144,6 @@ Function Get-HawkTenantRiskyUsers {
                 $lowRisk = ($riskyUserGroups.Low).Count
 
                 Out-LogFile "Found risky users: $highRisk High, $mediumRisk Medium, $lowRisk Low" -Notice
-                Out-LogFile "Details in _Investigate_Risky_Users.csv/json" -Notice
                 $nonCompromisedRiskUsers | Out-MultipleFileType -FilePrefix "_Investigate_Risky_Users" -csv -json -Notice
             }
         }

Hawk/functions/User/Get-HawkUserEmailForwarding.ps1

@@ -66,8 +66,9 @@
         }
         # If populated report it and add to a CSV file of positive finds
         else {
-            Out-LogFile ("Found Email forwarding User:" + $mbx.primarySMTPAddress + " ForwardingSMTPAddress:" + $mbx.ForwardingSMTPAddress + " ForwardingAddress:" + $mbx.ForwardingAddress) -notice
-            $mbx | Select-Object DisplayName, UserPrincipalName, PrimarySMTPAddress, ForwardingSMTPAddress, ForwardingAddress, DeliverToMailboxAndForward, WhenChangedUTC | Out-MultipleFileType -FilePreFix "_Investigate_Users_WithForwarding" -append -csv -json -notice
+            Out-LogFile "Found email forwarding configured for $User" -Notice
+            Out-LogFile "Please verify this activity is legitimate." -Notice
+            $mbx | Select-Object DisplayName, UserPrincipalName, PrimarySMTPAddress, ForwardingSMTPAddress, ForwardingAddress, DeliverToMailboxAndForward, WhenChangedUTC | Out-MultipleFileType -FilePreFix "_Investigate_Users_WithForwarding" -append -user $user -csv -json -Notice
         }
 
         # Add all users searched to a generic output

Hawk/functions/User/Get-HawkUserInboxRule.ps1

@@ -115,7 +115,7 @@ Function Get-HawkUserInboxRule {
             $InboxRules | Out-MultipleFileType -FilePreFix "InboxRules" -User $user -csv -json
 
             # Add all of the inbox rules to a generic collection file
-            $InboxRules | Out-MultipleFileType -FilePrefix "All_InboxRules" -csv -json -Append
+            $InboxRules | Out-MultipleFileType -FilePrefix "All_InboxRules" -User $user -csv -json -Append
         }
 
         # Get any Sweep Rules