Adds incorrect domain to results #106
Comments
|
This is the same issue as the "wrong scan name". Sorry for duplicating the entry. It gives the same path for all tenants. Completely different sessions, and different logins. I just did one for a user investigation only. Moved to C:\Temp instead of c:\hawk. it looks like the scan was for a different tenant than was scanned. It's not life-threatening, it just looks unprofessional. |
|
@Techlisalh - Would it be possible to schedule a time talk to better understand the use case when running against multiple tenants. If so please email me hawk_feedback@microsoft.com so we can get something on the books. Thanks |
|
Sure, I I’m available on and off throughout the day…send me a time or two and we can schedule!
Kind Regards,
[NN with R Flattened_250 x 84]
…_________________________________________
Lisa Hall
IT Support Manager
Natural Networks, Inc.
7047 Carroll Road
San Diego, CA 92121
***@***.******@***.***>
www.naturalnetworks.com<https://www.naturalnetworks.com/>
(619) 222-3232, ext. 108 office<tel:%20619%20222%203232>
***@***.***
From: Paul Navarro ***@***.***>
Sent: Thursday, June 29, 2023 12:18 PM
To: T0pCyber/hawk ***@***.***>
Cc: Lisa Hall ***@***.***>; Mention ***@***.***>
Subject: Re: [T0pCyber/hawk] Adds incorrect domain to results (Issue #106)
@Techlisalh<https://github.com/Techlisalh> - Would it be possible to schedule a time talk to better understand the use case when running against multiple tenants.
—
Reply to this email directly, view it on GitHub<#106 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A6ZXBVAU4PBJ6W74IE2QNSTXNXIGXANCNFSM6AAAAAAZXTUZQQ>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
|
|
Hi There, It looks like the MSGraph sessions persist across PowerShell sessions - see https://learn.microsoft.com/en-us/powershell/microsoftgraph/authentication-commands?view=graph-powershell-1.0 To Replicate Workaround: As it seems to get the correct data for a tenant the permanent fix is to either have HAWK disconnect once done or grab the tenant name from elsewhere in
|
|
@Techlisalh - Would Friday the 21st of July work for you? If so please email the Hawk email address so I can coordinate a meeting. |
|
I can be available on the 21st. I did see your earlier email mentioning it’s a graph issue. I appreciate the attention to this. I love this script. It’s been a lifesaver, seriously!
Kind Regards,
[NN with R Flattened_250 x 84]
…_________________________________________
Lisa Hall
IT Support Manager
Natural Networks, Inc.
7047 Carroll Road
San Diego, CA 92121
***@***.******@***.***>
www.naturalnetworks.com<https://www.naturalnetworks.com/>
(619) 222-3232, ext. 108 office<tel:%20619%20222%203232>
***@***.***
From: Paul Navarro ***@***.***>
Sent: Thursday, July 13, 2023 2:33 PM
To: T0pCyber/hawk ***@***.***>
Cc: Lisa Hall ***@***.***>; Mention ***@***.***>
Subject: Re: [T0pCyber/hawk] Adds incorrect domain to results (Issue #106)
@Techlisalh<https://github.com/Techlisalh> - Would Friday the 21st of July work for you? If so please email the Hawk email address so I can coordinate a meeting.
***@***.******@***.***>
—
Reply to this email directly, view it on GitHub<#106 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A6ZXBVGTXH6B7VNZTLWAZ63XQBSQ5ANCNFSM6AAAAAAZXTUZQQ>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
|
Describe the bug
A clear and concise description of what the bug is.
When I run a tenant or user investigation, the results append the incorrect domain
To Reproduce
Steps to reproduce the behavior:
Run investigation, and answer questions, no matter where I indicate to save the output, it adds one of our tenant's names in the path instead of the tenant we are investigating.
Expected behavior
A clear and concise description of what you expected to happen. I expect that the folder name will include the actual domain name being looked at
Screenshots
If applicable, add screenshots to help explain your problem.
File (please complete the following information):
Additional context
Add any other context about the problem here. I saw a possible feature request to add the default domain name to the folders; however, that only works if you work in a single tenant. We have 50 tenants that we have to run reports on at times. I do rename the folder after the fact, but many logs show I made the change. Please change the behavior back to the way it was, no domain added, then I can indicate the correct tenant, and don't have to remove the one set as default.
The text was updated successfully, but these errors were encountered: