CISA releases Azure, Microsoft 365 malicious activity detection tool (December 2020)

"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said.
Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.
Free Azure security tool also released by CrowdStrike.
Cybersecurity firm CrowdStrike released a similar detection tool after investigating a failed hack. Microsoft had warned the company that a compromised Microsoft Azure reseller's account had attempted to read CrowdStrike's emails using compromised Azure credentials.
To help admins analyze their Azure environments and get an easier overview of what privileges are assigned to third-party resellers and partners, CrowdStrike released the free CrowdStrike Reporting Tool for Azure.