CISA Releases New Free Tool to Identify Threats in Microsoft Cloud Services
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new open-source incident response tool. The Python-based utility is designed to help organizations track vulnerabilities in Microsoft cloud environments.
Specifically, CISA has teamed up with the U.S. Department of Energy’s Sandia National Laboratories to develop the Untitled Goose Tool. It utilizes different sophisticated hunting queries to detect the signs of exploitation in Microsoft 365, Microsoft Azure, and Azure Active Directory (AAD). The utility can also be used with other Microsoft security solutions to identify and mitigate security threats.
CISA detailed that the Untitled Goose Tool allows IT admins to perform the following operations:
- Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
- Query, export, and investigate AAD, M365, and Azure configurations.
- Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
- Perform time bounding of the UAL.
- Extract data within those time bounds.
- Collect and review data using similar time bounding capabilities for MDE data.
Getting started with the Untitled Goose Tool
CISA says that customers can download and install the Untitled Goose Tool on Windows, macOS, and Linux machines. However, it requires users to install Python version 3.7, 3.8, or 3.9 to run on their systems.
Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) released a free tool called Decider. Its purpose is to help security teams map attackers’ behavior to the Mitre ATT&CK framework. Decider comes with intuitive search and filtering capabilities, making it easy for users to find the information they need. It also allows users to export results to commonly used formats for further analysis.
More in Security
Microsoft Discloses New 'Migraine' Flaw That Bypasses Built-In Protections on macOS
Jun 1, 2023 | Rabia Noureen
Microsoft Warns Chinese Volt Typhoon Hacking Group Infects Critical US Infrastructure
May 26, 2023 | Rabia Noureen
Microsoft Entra Introduces New Identity and Access Management Capabilities
May 24, 2023 | Rabia Noureen
New Microsoft 365 Defender Feature Automatically Blocks Adversary-in-the-Middle Campaigns
May 18, 2023 | Rabia Noureen
Microsoft Entra Boosts Security New Tools and Capabilities to Thwart Cyberattacks
May 10, 2023 | Rabia Noureen
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure
May 9, 2023 | Russell Smith
Most popular on petri