CISA Releases New Audit Tool for Microsoft Cloud Services Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the “Untitled Goose Tool” to help detect malicious activity in Microsoft Azure, Azure Active Directory, and Microsoft 365 environments. The tool offers new authentication and data collection methods for network defenders to analyze their Microsoft cloud services. The tool allows users to export and review sign-in and audit logs, activity logs, and alerts for suspicious activity. It also allows for the extraction of cloud artifacts and the performance of time-bound data collection for analysis. The tool was developed by CISA with support from Sandia National Laboratories. Network defenders can find more information on the tool and get started on the CISA GitHub repository.