CISA releases free tool for detecting malicious activity in Microsoft cloud environments

2023-03-24 12:31

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory, and Microsoft 365 cloud environments have a new free solution at their disposal: Untitled Goose Tool.

As an agency charged with - among other things - helping US-based organizations in the government and private sector protect themselves against cyber attackers, CISA regularly releases free open-source services and tools for defenders to use.

"The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services," CISA reveals.

Export and review AAD sign-in and audit logs, M365 unified audit log, Azure activity logs, Microsoft Defender for IoT alerts, and Microsoft Defender for Endpoint data for suspicious activity.

The tool can be installed on macOS, Linux and Windows, and is compatible with Azure, Azure AD, and M365 environments.

"Users can run Untitled Goose Tool once, as a snapshot in time, or routinely. For certain log types, the tool will pick up from the last time the tool was executed," CISA explained.

News URL

https://www.helpnetsecurity.com/2023/03/24/malicious-activity-microsoft-cloud/

#cisa #cloud #microsoft

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		480	75	2308	5127	264	7774
Free		9	0	3	1	3	7

News URL

Related news

Related vendor