The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.
Known as the ‘Untitled Goose Tool’ and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.
“Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments,” CISA says.
“Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).”…
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
New CISA tool detects hacking activity in Microsoft cloud services
- This topic has 0 replies, 1 voice, and was last updated 2 months, 1 week ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Remove One Drive
by 41 minutes ago
-
Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release
by 2 hours, 50 minutes ago
-
How to change “User Account Control:Run as administrator”
by 1 hour, 7 minutes ago
-
Two monitors, want different “fixed” wallpaper on each one
by 7 hours, 41 minutes ago
-
Microsoft forcing move to Microsoft account?
by 5 hours, 36 minutes ago
-
Event 2545 Device Management – Enterprise – Diagnostics – Provider
by 9 hours, 1 minute ago
-
QBot malware exploits Windows WordPad EXE to take over
by 1 day, 4 hours ago
-
Laptop powers off during KB5026361 update
by 1 day, 4 hours ago
-
How to enable Sleep in Shut down menu?
by 1 day, 5 hours ago
-
Beware of Google’s .ZIP domain and password-embedded URLs
by 59 minutes ago
-
Longstanding feature requests, and their status
by 1 day, 13 hours ago
-
Three typing tutors — no more “hunt and peck”
by 1 day, 12 hours ago
-
Is online banking secure?
by 5 minutes ago
-
Bluetooth audio not working on older Lenovo T420 with Win 10
by 19 hours, 20 minutes ago
-
Using wildcards in search and replace
by 1 day, 22 hours ago
-
How is Windows XP an security risk?
by 9 hours, 21 minutes ago
-
Is using VPN a good idea?
by 1 day, 19 hours ago
-
How to prevent/disable Bitlocker Automatic Device Encryption?
by 2 days, 6 hours ago
-
Unexplained aspects of installing the latest update of Office 2021
by 2 days, 6 hours ago
-
Getting started with macOS Disk Utility: RAID, images, and repairs
by 2 days, 15 hours ago
-
Getting started with macOS Disk Utility: Resizing, snapshots, and journaling
by 2 days, 15 hours ago
-
Are you ready for AI?
by 3 hours, 41 minutes ago
-
Windows 11 Insider Preview build 25375 released to Canary
by 2 days, 18 hours ago
-
Windows 11 Insider Preview Build 22621.1825 and 22624.1825 released to BETA
by 2 days, 18 hours ago
-
Duplicate image name brings up old images
by 3 days, 23 hours ago
-
XP offline activation tool, xp_activate32.exe
by 1 day, 12 hours ago
-
Huge Tesla leak reveals thousands of safety concerns, privacy problems
by 2 days, 1 hour ago
-
Android : iRecorder – Screen Recorder new Android RAT
by 4 days, 4 hours ago
-
HP has found an exciting new way to DRM your printer!
by 4 days, 4 hours ago
-
Outlook 2019 Resend “you do not appear to be the original sender…” msg
by 4 days, 15 hours ago
