This new CISA tool can prevent hacking attempts in Microsoft's cloud




Key notes

  • CISA has released a new open-source incident response tool.
  • It helps detect signs of malicious activity in the Microsoft cloud.
  • IT admins and security experts will surely get a kick out of it.

Many of us could fall, or already have fallen, victim to ruthless hackers, so staying protected in this ever-changing online world is paramount.

Know that the U.S. Cybersecurity & Infrastructure Security Agency, also known as CISA, has released a new open-source incident response tool.

This new software helps detect signs of malicious activity in Microsoft cloud environments, which can make a real difference in the fight against malicious third parties.


Check out this new security tool from CISA

Known as the Untitled Goose Tool, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

According to CISA, it is a robust and flexible hunt and incident response tool that adds novel authentication and data-gathering methods.

With this tool, you can basically run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.

Furthermore, Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Microsoft Defender for IoT (D4IoT).

We know you are curious about specifics, so let’s get into it. With the cross-platform Microsoft cloud interrogation and analysis tool, security experts and network admins can:

  • Export and review AAD sign-in and audit logs, the M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
  • Query, export, and investigate AAD, M365, and Azure configurations.
  • Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
  • Perform time bounding of the UAL.
  • Extract data within those time bounds.
  • Collect and review data using similar time-bounding capabilities for MDE data.
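
To make the "time bounding" and "review for suspicious activity" steps concrete, here is an added Python example that is not part of the Untitled Goose Tool or of CISA's code. It takes a handful of constructed UAL-style records, keeps only those inside an investigation window, and then flags two things an analyst typically looks for in an exported log: a burst of failed sign-ins followed by a success, and a small watch list of sensitive operations. The field names (CreationTime, Operation, UserId, ClientIP, ResultStatus), the offset-less UTC timestamp format, the watch list, and the sample records are all assumptions for the sake of the example, not the tool's actual export format.

```python
"""Time-bound and triage Microsoft 365 unified audit log (UAL) style records.

Added example, not part of the Untitled Goose Tool. Field names and the
timestamp format are assumed; all sample records below are constructed.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records (not real data). Timestamps are assumed to be
# UTC without an explicit offset, as in a typical UAL export.
SAMPLE_UAL = [
    {"CreationTime": "2023-03-20T08:00:12", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.10", "ResultStatus": "Success"},
    {"CreationTime": "2023-03-20T08:01:40", "Operation": "UserLoginFailed",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Failed"},
    {"CreationTime": "2023-03-20T08:01:55", "Operation": "UserLoginFailed",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Failed"},
    {"CreationTime": "2023-03-20T08:02:10", "Operation": "UserLoginFailed",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Failed"},
    {"CreationTime": "2023-03-20T08:02:30", "Operation": "UserLoggedIn",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Success"},
    {"CreationTime": "2023-03-20T08:05:00", "Operation": "New-InboxRule",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.7", "ResultStatus": "Success"},
    {"CreationTime": "2023-03-21T09:00:00", "Operation": "UserLoggedIn",
     "UserId": "carol@example.com", "ClientIP": "203.0.113.22", "ResultStatus": "Success"},
]

# Illustrative watch list of operations that deserve a second look during triage.
WATCHED_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Add member to role."}


def parse_time(value: str) -> datetime:
    """Parse an offset-less ISO timestamp and mark it as UTC (assumed format)."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def time_bound(records, start_iso: str, end_iso: str) -> list:
    """Keep only records whose CreationTime falls in the half-open window [start, end)."""
    start, end = parse_time(start_iso), parse_time(end_iso)
    return [r for r in records if start <= parse_time(r["CreationTime"]) < end]


def triage(records, failed_threshold: int = 3) -> dict:
    """Scan records in time order and return two kinds of findings.

    repeated_failures_then_success: a user with >= failed_threshold consecutive
        failed logins that are then followed by a successful login.
    watched_operations: any record whose Operation is on the watch list.
    """
    failed = Counter()
    findings = {"repeated_failures_then_success": [], "watched_operations": []}
    for r in sorted(records, key=lambda rec: parse_time(rec["CreationTime"])):
        user = r["UserId"]
        if r["Operation"] == "UserLoginFailed":
            failed[user] += 1
        elif r["Operation"] == "UserLoggedIn" and r["ResultStatus"] == "Success":
            if failed[user] >= failed_threshold:
                findings["repeated_failures_then_success"].append(
                    (user, r["ClientIP"], r["CreationTime"]))
            failed[user] = 0  # a success resets the streak for that user
        if r["Operation"] in WATCHED_OPERATIONS:
            findings["watched_operations"].append((user, r["Operation"], r["CreationTime"]))
    return findings


if __name__ == "__main__":
    window = time_bound(SAMPLE_UAL, "2023-03-20T00:00:00", "2023-03-21T00:00:00")
    print(f"{len(window)} records inside the investigation window")
    for kind, hits in triage(window).items():
        print(kind, hits)
```

Narrowing the window first is what keeps the review tractable: the UAL for a tenant of any size is far too large to eyeball, and a fixed window around the first indicator lets you reason about what happened before and after it. The threshold and watch list are deliberately configurable so the same pass can be re-run with tighter or looser settings as the investigation sharpens.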

Keep this in mind if you value the privacy and security of your company. However, it all starts with being extra careful online.

Is this something you would be interested in using yourself? Share your opinions with us in the comments section below.
