From 5333f70f5796052a26d36c4eb6bc0cc9185d433e Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Sat, 19 Feb 2022 22:11:06 +0700
Subject: [PATCH] Add: mandiant/Mandiant-Azure-AD-Investigator to DFIR section

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 5a55c74..d6cd018 100644
--- a/README.md
+++ b/README.md
@@ -1685,6 +1685,10 @@ This repository is created as an online bookmark for useful links, resources and
         <td><a href="https://github.com/MalwareSoup/MitreAttack">MalwareSoup/MitreAttack</a></td>
         <td>Python wrapper for the Mitre ATT&CK framework API</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/mandiant/Mandiant-Azure-AD-Investigator">mandiant/Mandiant-Azure-AD-Investigator</a></td>
+        <td>This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/markbaggett/srum-dump">markbaggett/srum-dump</a></td>
         <td>A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.</td>