Security News > 2020 > December > CISA releases Azure, Microsoft 365 malicious activity detection tool
"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said.
Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.
Free Azure security tool also released by CrowdStrike.
Cybersecurity firm CrowdStrike released a similar detection tool after investigating a failed hack following a warning received from Microsoft of a compromised Microsoft Azure reseller's account having attempted to read the company's emails using compromised Azure credentials.
To help admins analyze their Azure environments and get an easier overview of what privileges are assigned to third-party resellers and partners, CrowdStrike released the free CrowdStrike Reporting Tool for Azure tool.