The US government wants to help you spot flaws in Microsoft cloud services
CISA releases open source tool to find Microsoft cloud issues
The US government has built an open source tool to help security teams spot flaws in Microsoft cloud services more easily.
Built by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the U.S. Department of Energy national laboratory, Sandia, the “Untitled Goose Tool” works by harvesting telemetry data from Azure Active Directory, Microsoft Azure, and Microsoft 365.
“Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments,” CISA says. “Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).”
CISA efforts
There are a number of things Untitled Goose Tool can do, including exporting and reviewing sign-in and audit logs from Azure Active Directory, unified audit logs from Microsoft 365, activity logs from Azure, alerts from Microsoft Defender for IoT, and data from Microsoft Defender for Endpoint.
The full set of the tool’s capabilities can be found at this link.
This is not the first tool of its kind to be released by CISA, as earlier this month the organization published “Decider”, another open source tool that helps IT teams generate MITRE ATT&CK mapping reports. And before that, the organization published a “best practices” guide about MITRE mapping, as well.
Ever since ransomware operators hit the country’s critical infrastructure a few times, the U.S. government has been hard at work trying to defend against these malicious players. In 2023, CISA started proactively warning infrastructure organizations when they have internet-exposed endpoints that are vulnerable to ransomware attacks.
“Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community,” the agency said.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.