CISA releases new SolarWinds malicious activity detection tool
2021-03-18 19:56

The Cybersecurity and Infrastructure Security Agency has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments.

The new forensics collection tool, CISA Hunt and Incident Response Program, is Python-based and helps detect IOCs associated with the SolarWinds malicious activity on Windows operating systems.

Previously released malicious activity detection tools

CISA previously released a PowerShell-based tool dubbed Sparrow that helps detect potentially compromised apps and accounts in Azure/Microsoft 365 environments.

Cybersecurity firm CrowdStrike released a similar detection tool, the CrowdStrike Reporting Tool for Azure, designed to help admins analyze Azure environments.

FireEye also published a free tool dubbed Azure AD Investigator that helps organizations discover artifacts indicating malicious activity by the state-backed threat actor behind the SolarWinds supply-chain attack.


News URL

https://www.bleepingcomputer.com/news/security/cisa-releases-new-solarwinds-malicious-activity-detection-tool/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 104 80 50 267