CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud
American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.
CISA said the software, dubbed the Untitled Goose Tool, "offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services."
The introduction of Untitled Goose Tool comes the same day as the agency announced its Pre-Ransomware Notification Initiative, which delivers early warnings to organizations about attacks, possibly in enough time to stop the attacks before the miscreants can encrypt or steal data.
Network pros can use Untitled Goose Tool to export Azure Active Directory (AAD) sign-in and audit logs, the Microsoft 365 unified audit log (UAL), Azure activity logs, Defender for IoT alerts, and Defender for Endpoint data, and to review them for suspicious activity.
"Network defenders attempting to interrogate a large M365 tenant via the UAL may find that manually gathering all events at once is not feasible. Untitled Goose Tool uses novel data gathering methods via bespoke mechanisms," CISA wrote.
Untitled Goose Tool can be used with both Windows and macOS, though the PowerShell script is best used only with Windows.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/24/cisa_microsoft_cloud_ransomware/