POWERSHELL SCRIPT TO EXPORT PHISH INCIDENTS IN OFFICE 365 EXCHANGE ONLINE
POWERSHELL SCRIPT TO EXPORT PHISH INCIDENTS IN OFFICE 365 EXCHANGE ONLINE
- Open PowerShell using “Run as administrator”.
- Connect to Exchange Online PowerShell session.
/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
- Run command below Get-MailDetailATPReport to get the detailed report. Change the parameter value in yellow color before running the command.
Get-MailDetailATPReport -StartDate 07/01/2020 -EndDate 07/05/2020|where {($_.eventtype -eq "Advanced phish filter") -or ($_.eventtype -eq "Anti-spoof: Intra-org") -or ($_.eventtype -eq "Anti-spoof: external domain") -or ($_.eventtype -eq "Domain impersonation*") -or ($_.eventtype -eq "User impersonation*") -or ($_.eventtype -eq "Brand impersonation") -or ($_.eventtype -eq "General phish filter") -or ($_.eventtype -eq "Malicious URL reputation") -or ($_.eventtype -eq "Phish ZAP")} | Export-Csv -Path c:\PS\PHISHREPORT.csv
-end-