You're viewing a demo portfolio

Join the waitlist
PRSM

query_ual

Active

Tool of com.blackveilsecurity/dns

declared in 3.29.5

Query the Microsoft 365 Unified Audit Log for a tenant. Optionally filter by operation type, user, or lookback window. Requires m365Proxy service binding; returns { unprovisioned: true } when absent. A `representative: true` field in the response marks sample (non-live) data until live Graph reads land.

Parameters schema

{
  "type": "object",
  "required": [
    "ms_tenant_id"
  ],
  "properties": {
    "operation": {
      "type": "string",
      "maxLength": 200,
      "description": "Filter to a specific Unified Audit Log operation (e.g., \"MailItemsAccessed\")."
    },
    "since_hours": {
      "type": "integer",
      "maximum": 720,
      "minimum": 1,
      "description": "Lookback window in hours (default: 24, max: 720)."
    },
    "ms_tenant_id": {
      "type": "string",
      "maxLength": 200,
      "minLength": 1,
      "description": "Microsoft Entra tenant ID (GUID or domain)."
    },
    "user_principal_name": {
      "type": "string",
      "maxLength": 254,
      "description": "Filter to a specific user (UPN). Omit for all users."
    }
  }
}

What this tool wraps· 0 endpoints

min confidence0.700.50

No endpoints wrapped at confidence ≥ 0.50.

Parent server

com.blackveilsecurity/dns

https://github.com/MadaBurns/bv-mcp

2/7 registries
View full server →
query_ual — com.blackveilsecurity/dns — PRSM MCP