Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video
Icon for WEBINAR ON-DEMAND!

WEBINAR ON-DEMAND!

Blocking Advanced Web Attacks with WAF

Icon for GET-IT Conference coming soon!!

GET-IT Conference coming soon!!

Threat Detection & The Role of Operational Resilie...

Icon for New Whitepaper sheds light on …

New Whitepaper sheds light on …

Best Practices for IT SaaS portfolio management

Icon for New podcast from Stephen Rose!

New podcast from Stephen Rose!

Unplugging What's Next for Teams 2.0

Home

Security

CISA Releases New Free Tool to Identify Threats in Microsoft Cloud Services

Rabia Noureen

 |

Mar 24, 2023

Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new open-source incident response tool. The Python-based utility is designed to help organizations track vulnerabilities in Microsoft cloud environments.

Specifically, CISA has teamed up with the U.S. Department of Energy’s Sandia National Laboratories to develop the Untitled Goose Tool. It utilizes different sophisticated hunting queries to detect the signs of exploitation in Microsoft 365, Microsoft Azure, and Azure Active Directory (AAD). The utility can also be used with other Microsoft security solutions to identify and mitigate security threats.

CISA Releases New Tool to Identify Threats in Microsoft Cloud Services

CISA detailed that the Untitled Goose Tool allows IT admins to perform the following operations:

  • Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
  • Query, export, and investigate AAD, M365, and Azure configurations.
  • Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
  • Perform time bounding of the UAL.
  • Extract data within those time bounds.
  • Collect and review data using similar time bounding capabilities for MDE data.

Getting started with the Untitled Goose Tool

CISA says that customers can download and install the Untitled Goose Tool on Windows, macOS, and Linux machines. However, it requires users to install Python version 3.7, 3.8, or 3.9 to run on their systems.

Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) released a free tool called Decider. Its purpose is to help security teams map attackers’ behavior to the Mitre ATT&CK framework. Decider comes with intuitive search and filtering capabilities, making it easy for users to find the information they need. It also allows users to export results to commonly used formats for further analysis.

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Security

Microsoft Discloses New 'Migraine' Flaw That Bypasses Built-In Protections on macOS

Jun 1, 2023 | Rabia Noureen

Microsoft Warns Chinese Volt Typhoon Hacking Group Infects Critical US Infrastructure

May 26, 2023 | Rabia Noureen

Security

Microsoft Entra Introduces New Identity and Access Management Capabilities

May 24, 2023 | Rabia Noureen

Security

New Microsoft 365 Defender Feature Automatically Blocks Adversary-in-the-Middle Campaigns

May 18, 2023 | Rabia Noureen

Security

Microsoft Entra Boosts Security New Tools and Capabilities to Thwart Cyberattacks

May 10, 2023 | Rabia Noureen

Security

Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023 | Russell Smith

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy