MR-4: Develop a Hawk User Guide

[jonnybottles]

What needs to be updated?

Create a comprehensive user guide for Hawk to ensure users can effectively install, configure, and utilize the tool for cloud forensics and investigations.

Proposed Changes

The new user guide should include the following sections:

1. Installation Instructions

   • Detailed steps to install Hawk from the PowerShell Gallery.
   • Alternative installation steps via GitHub.

2. Running Hawk Investigations

   • Instructions for running tenant investigations and user investigations using Hawk.
   • Example commands and expected workflows.

3. Exported/Public Functions Overview

   • List all public functions included in the module.
   • Provide a brief purpose for each function.
   • Mention which files are generated by each function.

4. Log Files and Outputs

   • Include a detailed description of all files produced by Hawk during an investigation.
   • List the filenames, file formats, and their purposes (e.g., _Investigate_Simple_New_InboxRule.csv for inbox rule monitoring).

5. Data Coverage Chart

   • A visual chart/table summarizing the log types and data sources currently collected by Hawk.
   • Specify any gaps or limitations for additional context.

6. Data Sources and Dependencies

   • Provide an overview of the data sources Hawk pulls from (e.g., Microsoft Graph API, Exchange Online).
   • Detail the permissions and configurations required for these sources.

7. Additional Resources and References

   • Include any external references for modules like Exchange Online PowerShell V2.
   • Mention where users can find troubleshooting tips or engage with the community (e.g., GitHub or community forums).

8. New Features and Updates

   • Highlight recent updates or changes that might impact existing functionality.

9. Best Practices

   • Provide recommendations for optimal configurations, such as user permissions or execution policies.
   • Emphasize security considerations while using Hawk.

Current Documentation Link

https://jonathan-butler.atlassian.net/wiki/spaces/hawk/pages/93749250/User+Guide

Implementation Plan

1. Gather details about existing public functions and logs produced by Hawk.
2. Create detailed instructions for installation and running investigations based on current workflows.
3. Develop a data coverage chart using insights from the old documentation and Hawk’s capabilities.
4. Document any necessary user permissions or configurations for optimal use.
5. Format the user guide into clearly defined sections and submit it for review.

Additional Resources

• Refer to old documentation for inspiration.
• Include screenshots of sample workflows or outputs (if applicable).

Acceptance Criteria

• A complete user guide is published at the provided documentation link.
• Each section outlined above is included and thoroughly detailed.
• The guide is reviewed and approved by at least one team member or the product owner.
• Users can follow the guide without external assistance for typical use cases.