Forum Discussion
scharest
Feb 03, 2021 (Copper Contributor)
Downloading mass of Unified Audit Logs (UAL) data
Hi, I work in data forensics. We often need to download months of UAL data from customers' Office 365 environment to analyze incidents. For example, I recently had to download 3 months of data, w...
zaiquiri72
Jun 16, 2021 (Copper Contributor)
scharest interested to know if you've made any progress or found any solutions to this issue. This is a constant thorn in the side of forensic investigators at my company as well.
scharest
Jun 16, 2021 (Copper Contributor)
We developed our own fetching script in PowerShell. We also compared it to different tools by comparing data and using statistics. So far, the best tool out there seems to be the Office 365 Extractor by PwC (https://github.com/PwC-IR/Office-365-Extractor) as it manages errors/timeouts/retries to some extent. So we mostly use that one, for UAL, and then we use our own tools for data processing and analysis. To fetch other types of data, we use our own PS scripts. Only UAL is a big problem: there is way too much throttling, random errors and/or unexplainable empty recordsets.
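One way to cope with the throttling, errors and empty recordsets described in this thread, as an added example that is not the posters' script or code from Office 365 Extractor: probe each time window for its record count, halve windows that exceed the per-session limit, and re-fetch any window that comes back short. The function names, retry counts and back-off values are assumptions, and it assumes an Exchange Online PowerShell session is already connected.

```powershell
# Added example. Invoke-UalQuery and Get-UalWindow are hypothetical helper names.
function Invoke-UalQuery {
    param([hashtable]$Query, [int]$MaxRetries = 5)   # retry count is illustrative
    for ($try = 1; $try -le $MaxRetries; $try++) {
        try { return @(Search-UnifiedAuditLog @Query -ErrorAction Stop) }
        catch {
            Write-Warning "Attempt $try failed: $($_.Exception.Message)"
            # Exponential back-off, capped at five minutes (illustrative values).
            Start-Sleep -Seconds ([int][math]::Min(300, 15 * [math]::Pow(2, $try)))
        }
    }
    throw "Query failed after $MaxRetries attempts: $($Query.StartDate) - $($Query.EndDate)"
}

function Get-UalWindow {
    param([datetime]$Start, [datetime]$End, [int]$SessionLimit = 50000)
    $range = @{ StartDate = $Start; EndDate = $End }

    # A one-record query reports the total match count in ResultCount.
    $probe = @(Invoke-UalQuery -Query ($range + @{ ResultSize = 1 }))
    $expected = if ($probe.Count) { [int]$probe[0].ResultCount } else { 0 }
    if ($expected -eq 0) {
        # Log it: an empty window may be genuine or one of the unexplained empty sets.
        Write-Warning "No records reported for $Start - $End"
        return
    }

    if ($expected -gt $SessionLimit -and ($End - $Start).TotalMinutes -gt 1) {
        # More than one ReturnLargeSet session can hold: halve the window and recurse.
        # The shared midpoint can yield duplicates; de-duplicate on Identity afterwards.
        $mid = $Start.AddTicks([long](($End - $Start).Ticks / 2))
        Get-UalWindow -Start $Start -End $mid -SessionLimit $SessionLimit
        Get-UalWindow -Start $mid -End $End -SessionLimit $SessionLimit
        return
    }

    for ($pass = 1; $pass -le 3; $pass++) {          # pass count is illustrative
        $session = [guid]::NewGuid().ToString()      # fresh session per pass
        $records = [System.Collections.Generic.List[object]]::new()
        do {
            $page = @(Invoke-UalQuery -Query ($range + @{
                SessionId = $session; SessionCommand = 'ReturnLargeSet'; ResultSize = 5000 }))
            $records.AddRange([object[]]$page)
        } while ($page.Count -gt 0 -and $records.Count -lt $expected)
        if ($records.Count -ge $expected) { return $records }
        Write-Warning "Got $($records.Count) of $expected for $Start - $End; retrying with a new session"
    }
    throw "Incomplete window $Start - $End after 3 passes"
}
```

Recording the expected and received count for every window alongside the export gives the analyst a completeness record for the collection.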