CISA Issues DDoS Warning As Multiple Organizations Hit With Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new open-source incident response tool called the ‘Untitled Goose Tool’, which can help detect signs of malicious activity in Microsoft cloud environments. The tool was developed in collaboration with Sandia National Laboratories, a US Department of Energy national laboratory, and is available on GitHub.

The ‘Untitled Goose Tool’ can be used to extract telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments. This data can then be used to identify suspicious activity, such as unauthorized logins, unusual file access, and changes to critical settings.

CISA announcing the ‘Untitled Goose Tool’ on their official Twitter account. (Source: Twitter)

CISA has already used the tool to notify more than 60 entities of early-stage ransomware intrusions since January 2023. The agency also revealed that it has been working with Microsoft to develop additional tools and capabilities to help protect Microsoft cloud environments from malicious activity.

The ‘Untitled Goose Tool’ is a valuable resource for organizations that use Microsoft cloud services. It can help to identify and respond to threats before they cause significant damage. The tool is also open-source, which means that it can be used by organizations of all sizes and budgets.

CISA ‘Untitled Goose Tool’ Features + Download

CISA summarizes the tool’s capabilities as follows:

  • It can export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
  • It can query, export, and investigate AAD, M365, and Azure configurations.
  • It can extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
  • It can perform time bounding of the UAL.
  • It can extract data within those time bounds.

The tool is also easy to use and can be run by anyone with basic familiarity with Microsoft cloud environments. It is available now on GitHub, and CISA has created a helpful Untitled Goose Tool fact sheet on their website.
