The US government wants to help you spot flaws in Microsoft cloud services

By Krishna Rao On Mar 25, 2023

How is eBPF Revolutionizing Kubernetes Scaling

Jan 20, 2024

Seamless CI/CD Integration: The Role of Monitoring as Code

Dec 11, 2023

The US government has built an open source tool to help security teams spot flaws in Microsoft cloud services easier.

Built by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the U.S. Department of Energy national laboratory, Sandia, the “Untitled Goose Tool” works by harvesting telemetry data from Azure Active Directory, Microsoft Azure, and Microsoft 365.

“Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments,” CISA says. “Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (opens in new tab) (MDE) and Defender for Internet of Things (IoT) (D4IoT).”

CISA efforts

There is a number of things Untitled Goose Tool can do, including exporting and reviewing sign-in and audit logs from Azure Active Directory, unified audit logs from Microsoft 365, activity logs from Azure, alerts from Microsoft Defender for IoT, and data from Microsoft Defender for Endpoint.

The full set of the tool’s capabilities can be found on this link (opens in new tab).

This is not the first tool of its kind to be released by CISA, as earlier this month the organization published “Decider”, another open source tool that helps IT teams generate MITRE ATT&CK mapping reports. And before that, the organization published a “best practives” guide about MITRE mapping, as well.

Ever since ransomware operators hit the country’s critical infrastructure a few times, the U.S. government has been hard at work trying to defend against these malicious players. In 2023, CISA started proactively warning infrastructure organizations when they have internet-exposed endpoints that are vulnerable to ransomware attacks.

“Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community,” the company said.

Via: BleepingComputer (opens in new tab)

Read original article here

Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.