CISA releases tool to review Microsoft 365 post-compromise activity
The Cybersecurity and Infrastructure Security Agency has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory, Office 365, and Microsoft 365 environments.
CISA's new tool, dubbed Aviary, helps security teams visualize and analyze data outputs generated using Sparrow, an open-source PowerShell-based tool for detecting potentially compromised applications and accounts in Azure and Microsoft 365.
CISA encourages network defenders who want to use Aviary for a more straightforward analysis of Sparrow output to review the AA21-008A alert on detecting post-compromise malicious activity in Microsoft Cloud environments.
Last month, CISA released CHIRP, a new Python-based forensics collection tool for detecting signs of SolarWinds hackers' activity on Windows operating systems.
Cybersecurity firm CrowdStrike released a detection tool similar to Sparrow named the CrowdStrike Reporting Tool for Azure.
FireEye also published a free tool dubbed Azure AD Investigator for discovering artifacts indicating malicious activity by the state-backed threat actor behind the SolarWinds supply-chain attack.