Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
POWERSHELL SCRIPT TO EXPORT PHISH INCIDENTS IN OFFICE 365 EXCHANGE ONLINE
- Open PowerShell using “Run as administrator”.
- Connect to Exchange Online PowerShell session.
/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
- Run command below Get-MailDetailATPReport to get the detailed report. Change the parameter value in yellow color before running the command.
Get-MailDetailATPReport -StartDate 07/01/2020 -EndDate 07/05/2020|where {($_.eventtype -eq "Advanced phish filter") -or ($_.eventtype -eq "Anti-spoof: Intra-org") -or ($_.eventtype -eq "Anti-spoof: external domain") -or ($_.eventtype -eq "Domain impersonation*") -or ($_.eventtype -eq "User impersonation*") -or ($_.eventtype -eq "Brand impersonation") -or ($_.eventtype -eq "General phish filter") -or ($_.eventtype -eq "Malicious URL reputation") -or ($_.eventtype -eq "Phish ZAP")} | Export-Csv -Path c:\PS\PHISHREPORT.csv
-end-