Security News > 2020 > December > CISA releases Azure, Microsoft 365 malicious activity detection tool
"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said.
Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.
Free Azure security tool also released by CrowdStrike.
Cybersecurity firm CrowdStrike released a similar detection tool after investigating a failed hack following a warning received from Microsoft of a compromised Microsoft Azure reseller's account having attempted to read the company's emails using compromised Azure credentials.
To help admins analyze their Azure environments and get an easier overview of what privileges are assigned to third-party resellers and partners, CrowdStrike released the free CrowdStrike Reporting Tool for Azure tool.
News URL
Related news
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- CISA orders federal agencies to secure their Microsoft cloud environments (source)
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- CISA shares guidance for Microsoft expanded logging capabilities (source)