CISA releases new SolarWinds malicious activity detection tool
Security News, March 2021
The Cybersecurity and Infrastructure Security Agency has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments.
CISA Hunt and Incident Response Program, the new forensics collection tool, is Python-based and helps detect IOCs associated with SolarWinds malicious activity on Windows operating systems.
Previously released malicious activity detection tools:
CISA previously released a PowerShell-based tool dubbed Sparrow that helps detect potentially compromised apps and accounts in Azure/Microsoft 365 environments.
Cybersecurity firm CrowdStrike released a similar detection tool, the CrowdStrike Reporting Tool for Azure, designed to help admins analyze Azure environments.
FireEye also published a free tool dubbed Azure AD Investigator that helps organizations discover artifacts indicating malicious activity by the state-backed threat actor behind the SolarWinds supply-chain attack.