Skip to content
Product
Icon-Platform
Platform

Explore the core capabilities of the Cado Platform.

 Icon-Environments
Environments

Discover the broad support that the Cado platform offers.

 Icon-Integrations
Integrations

Learn how the Cado platform integrates into your broader ecosystem.
Solutions
Use Cases
Icon-Cross-Cloud Investigations
Cross Cloud Investigations

Respond to incidents identified in AWS, Azure, and GCP in a single pane of glass.

 Icon-Container-Investigations
Container & K8s Investigations

Perform container investigations in EKS, AKS, GKE, and Kubernetes.

 Icon-Endpoint-Triage
Endpoint Triage

Automate endpoint triage for immediate insights and quick escalation.

 Icon-BEC-Compromise
BEC Investigations

Analyze critical SaaS logs to investigate Business Email Compromise.

 Icon-Incident-Containment
Attack Containment

Perform response actions to prevent incident damage and spread.

 Icon-Incidident-Response Preparedness-II
Incident Response Preparedness

Continuously assess and optimize your incident response program.
Cado For
Enterprise
MSSPs
Partners
Government
Resources
Icon-Blog
Blog

Timely commentary from the Cado Security team.

 Icon-Playbook
Playbooks

Best practices for investigating and responding to threats.

Icon-Report
Reports

Key threat discoveries by the Cado Security Labs team.

 Icon-Cheat-Sheet
Cheat Sheets

Quick tips for investigating and responding to incidents.

 Icon-News
News

The latest Cado company announcements, press, and more.

 Icon-Community
Community

Access to our free edition of the Cado platform.

 Icon-documentation
Documentation

Technical documentation on how to best leverage the Cado platform.

 White Paper 80x80
Wiki

Everything you need to know about cloud security and cloud forensics.

Company
Icon-About
About

Learn more about the Cado Security mission, vision, and team.

 Icon-Careers
Careers

Check out current career opportunities at Cado Security.
Get a Demo
    Get a Demo
      Cheat Sheet

      Investigating Microsoft 365 Compromises

      right-side-curve

      Microsoft 365 Unified Audit Logs (UAL) are a critical data source when investigating and responding to potential Microsoft 365 compromises, such as Business Email Compromise (BEC), Account Takeover (ATO), and insider threats.

      This cheat sheet is designed to provide an overview of key activity types within Microsoft 365 that are logged in the Unified Audit Log (UAL) that security teams should investigate when responding to such threats.

      This cheat sheet covers:

      • Key Microsoft 365 activity types
      • Best practices for accessing Microsoft 365 logs
      • Useful commands when investigating and responding to incidents in an M365 environment
      • Popular open-source tools and further reading
      cloud image

      Download Now