Move Get-HawkUserHiddenRule to WorkInProgress folder as it is now dep…

…recated.
T0pCyber · Feb 9, 2025 · ec54300 · ec54300
1 parent 5a5629e
commit ec54300
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 2 deletions.
diff --git a/Hawk/Hawk.psd1 b/Hawk/Hawk.psd1
@@ -72,7 +72,6 @@
 	'Start-HawkUserInvestigation',
 	'Update-HawkModule',
 	'Get-HawkUserAdminAudit',
-	'Get-HawkUserHiddenRule',
 	'Get-HawkMessageHeader',
 	'Get-HawkUserPWNCheck',
 	'Get-HawkUserAutoReply',

diff --git a/Hawk/internal/WorkInProgress/Get-HawkTenantMailItemsAccessed.ps1 b/Hawk/internal/WorkInProgress/Get-HawkTenantMailItemsAccessed.ps1
@@ -3,7 +3,7 @@
 .SYNOPSIS
     This will export MailboxItemsAccessed operations from the Unified Audit Log (UAL). Must be connected to Exchange Online
     using the Connect-EXO or Connect-ExchangeOnline module. M365 E5 or G5 license is required for this function to work.
-    This telemetry will ONLY be availabe if Advanced Auditing is enabled for the M365 tenant.
+    This telemetry will ONLY be available if Advanced Auditing is enabled for the M365 tenant.
 .DESCRIPTION
     Recent attacker activities have illuminated the use of the Graph API to read user mailbox contents. This will export
     logs that will be present if the attacker is using the Graph API for such actions. Note: NOT all graph API actions against

diff --git a/Hawk/internal/WorkInProgress/Get-HawkTenantUnifiedAuditLog.ps1 b/Hawk/internal/WorkInProgress/Get-HawkTenantUnifiedAuditLog.ps1
@@ -45,6 +45,10 @@
         Same as above but uses 30-minute collection intervals. Useful for environments with lower
         audit log volume where longer intervals won't risk missing data.
     #>
+
+    ###############################################################################################
+    #TODO SEE TICKET DETAILS FOR THIS: https://github.com/T0pCyber/hawk/issues/263
+    ###############################################################################################
     Param (
         [Parameter(Mandatory = $true)]
         [datetime]$StartDate,

diff --git a/...functions/User/Get-HawkUserHiddenRule.ps1 → ...WorkInProgress/Get-HawkUserHiddenRule.ps1 b/...functions/User/Get-HawkUserHiddenRule.ps1 → ...WorkInProgress/Get-HawkUserHiddenRule.ps1
@@ -40,6 +40,11 @@
 
     Looks for hidden inbox rules for all users who have "C-Level" set in CustomAttribute1
     #>
+
+    ###############################################################################################
+    #TODO SEE TICKET DETAILS FOR THIS: https://github.com/T0pCyber/hawk/issues/265
+    ###############################################################################################
+
     param (
         [Parameter(Mandatory = $true)]
         [array]$UserPrincipalName,