Content Search – Security And Compliance – Search A Mailbox For Specific Content And Then Export Results

If you’re doing some compliance investigation work, you may need to search a user’s mailbox for specific words.

This is how to search email content in Office 365 Security & Compliance for a specific user who sent email containing a specific word, and then export the results.

Reference guides – Content search

Microsoft Docs Content Search

Microsoft Docs Export Search

Content Search: How to search a mailbox for specific keywords and export the data

Microsoft 365 Admin Center -> Compliance Admin Center

Content Search > + New Search

New Search > Keywords “Blog” example > Specific Locations > Modify > Choose Users, Groups or Teams

Enter the user’s name > Select > Choose

Done > Save > Save & Run > Save Search

This search will trigger a default alert email to be sent out.

Next step: export the results

Unable to preview or export results?

If you cannot preview, you need to add a role to the user account: the eDiscovery Administrator role (example), or eDiscovery Manager for specific cases / Compliance Admin / Compliance Data Administrator.

You must sign out and sign in for the groups to take effect.

Now back to the search

After you can see the preview, you can click Export.

Click Export > ReportsOnly or Export > Copy to clipboard export key > Download report > Install eDiscovery Export Tool

Export tool installs

Use the Export Key and set a directory.

File Downloads

Now you can open the exported report.
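
The same keyword search scripted in Security & Compliance PowerShell, as an added example that is not part of the original post. The admin and mailbox addresses and the search name are placeholders; the script creates and runs the search and summarises the hits, and the export is still done in the portal as described above.

```powershell
# Added example, not from the original post. Requires the ExchangeOnlineManagement
# module and an account holding one of the eDiscovery roles the post mentions.
# All addresses and names below are placeholders (assumptions).
$AdminUpn   = 'admin@contoso.example'
$Mailbox    = 'user@contoso.example'
$Keyword    = 'Blog'                      # keyword used in the post
$SearchName = "Keyword-$Keyword-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

Connect-IPPSSession -UserPrincipalName $AdminUpn

# Same scope as the portal steps: one mailbox, one keyword (KQL phrase match).
New-ComplianceSearch -Name $SearchName `
    -ExchangeLocation $Mailbox `
    -ContentMatchQuery "`"$Keyword`"" `
    -Description 'Compliance investigation keyword search' | Out-Null

Start-ComplianceSearch -Identity $SearchName

# Poll until the search completes, with a timeout so the script cannot hang.
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 15
    $search = Get-ComplianceSearch -Identity $SearchName
    Write-Host "Status: $($search.Status)"
} while ($search.Status -ne 'Completed' -and (Get-Date) -lt $deadline)

if ($search.Status -ne 'Completed') {
    throw "Search '$SearchName' did not complete within 30 minutes."
}

# Summarise before exporting: hit count, size, and items the index could not read.
$search | Select-Object Name, Status, Items, Size, UnindexedItems, Errors |
    Format-List

if ($search.Items -eq 0) {
    Write-Warning 'No hits. Check the keyword and that the mailbox address is correct.'
}

Disconnect-ExchangeOnline -Confirm:$false
```

A non-zero UnindexedItems count means some messages could not be searched by keyword and may need separate review.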

IT Enterprise Security – Overview

This post is looking at IT Security for the Enterprise. I have often visited new clients and reviewed the security landscape. The results are often surprising to the senior management. So the question is, does a business or brand need to review and plan IT Enterprise Security? The Sys Admin reports the systems are all OK, the users are happy and the business hasn’t appeared on the news. So if you are hired as an IT Enterprise Security Architect, what does that mean and what value does this role bring to a business?

Take a step back and ask yourself, what is IT Enterprise Security? How can you understand the current IT Enterprise Security state? To learn about the IT enterprise security state, you need to pick and apply a security framework to a business. For example using a security framework like NIST gives us the ability to understand the security state of the business. This framework is a method to highlight information about the overall security state and which areas need investment and have room for improvement.

So how does the process start?

Prep Work, Review Core Areas:

  • Understand the Business.
  • How or what would you attack?
  • How can you protect?
  • How would you investigate and recover?

What stages make up the core areas:

When you first enter a business, unlock the knowledge.

  • What does the business do?
  • Who are the customers?
  • What is the IT infrastructure and EUC?
  • Who are the IT people? (Get to know them)
  • Who are the management and the key stakeholders?

Next work out how you would break into the business

  • What ways could you get in?
  • Who would you target?
  • Would anyone know if you did break in?
  • What is the worst thing you could do?

Review and Protect

  • Identify Key resources
  • Known issues
  • Quick wins
  • 5-year strategy & budget
  • Review stages

How would you know of an attack or an abnormality, and how do you remediate?

  • Logs, Monitoring, Detection & Alerts
  • Incident Procedures – Identify & Remediate.

Post to be continued – These are opinions of the author only.

Office 365 – Alert Policy – Detected Malware in File – OneDrive or SharePoint

In the Security and Compliance Admin Center in Office 365 you can create alert policies.

Today’s challenge was to set up an Alert Policy so an admin is notified if a user adds a file to OneDrive or SharePoint containing malware.

Start in “Office 365 Security & Compliance > Alerts Dashboard > New Alert Policy”

I started by creating an Alert, selecting Threat Management & High Severity

Set the Trigger “Detected malware in file”

Select the Admins to be notified. I set a daily notification limit of 5 so I don’t get overloaded with the same alert.

Then click “Finish”; you have the option to turn the policy on or off.

View “Alert policies”

Optimising and Securing VMware Environments with Runecast Analyzer

Overview of Runecast Analyzer

A brief overview of a product which helps reduce troubleshooting time, identify issues and make your vSphere system compliant. The biggest issue I see in vSphere environments is maintaining security and hardware compatibility with the HCL. The features of Runecast certainly would appear to help resolve these issues. Below are the key features as I see them in this product (not an exhaustive list).

Key Features (from my perspective)

  • Config KB checks
  • Best Practice
  • Security reports
  • Hardware compatibility checks
  • Logs and KBs Discovered
  • Plugin Runecast for vSphere Client
  • vRealize Orchestrator – Remediation options

Requirements

  • Base appliance starts at min spec – 2 vCPU, 4 GB RAM appliance

Runecast Dashboard (example)

Simple clear dashboard, also available using a plugin for the vSphere Client.

  • Config KB checks

The headache in my life resolved: config issues identified and highlighted.

What a useful feature: it pulls the info from the VMware Knowledge Base and shows the resolution.

  • Best Practice

Check best practice (run a scan; it only takes 1 or 2 mins).

NTP example

SSH example enabled

  • Security reports

Security and compliance

Analyse against compliance example report and recommendations

Example of PCI DSS (target specific PCI clusters if you’re required to)

  • Hardware compatibility checks

Hardware compatibility checks only too often get overlooked when updates and upgrades happen. Then boom, things go wrong, and how do you start troubleshooting the unknown? So this feature looks good to help keep you on track.

Drill down to see the issue example

  • Logs and KBs Discovered

Logs being reviewed, another nice feature

  • Plugin Runecast for vSphere Client (The plugin mentioned at the start)
  • vRealize Orchestrator – (Remediation options with Runecast example)

This is just a brief overview of a product to help save your IT resources time and effort in managing and maintaining the vSphere environment. Seems useful to me.