Security News > 2020 > December > CISA releases Azure, Microsoft 365 malicious activity detection tool
"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said.
Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.
Free Azure security tool also released by CrowdStrike.
Cybersecurity firm CrowdStrike released a similar detection tool after investigating a failed hack following a warning received from Microsoft of a compromised Microsoft Azure reseller's account having attempted to read the company's emails using compromised Azure credentials.
To help admins analyze their Azure environments and get an easier overview of what privileges are assigned to third-party resellers and partners, CrowdStrike released the free CrowdStrike Reporting Tool for Azure tool.
News URL
Related news
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- CISA tags Microsoft SharePoint RCE bug as actively exploited (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- CISA orders agencies impacted by Microsoft hack to mitigate risks (source)
- It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure (source)
- Microsoft to start enforcing Azure multi-factor authentication in July (source)