Question: Can you search for user agent strings?

[PhranqueG]

Your Question

Is there a function for searching for specific user agent strings across the tenant?

[jonnybottles]

@PhranqueG , there is not a specific function that searches for specific user agent strings across the tenant. However, there are functions that do pull back User Agent strings as part of a larger data set. Some of those being

• Get-HawkUserMailItemsAccessed (ClientInfoString column)
• Get-HawkUserMailSendActivity (ClientInfoString column)
• Get-HawkTenantRiskDetections (AdditionalInfo_userAgent column)

There should be some other functions that pull back UserAgent Strings as well. May I ask what your particular use case is for the User Agent Strings across the entire tenant?

[PhranqueG]

@jonnybottles, there is a distinct user agent associated with suspicious login activities. I would like to search the entire tenant to flag activity associated with the user agent to quickly detect the user accounts involved.