A new tool that allows detecting signs of hacking activity in Microsoft cloud services has been released by the US Cybersecurity & Infrastructure Security Agency (CISA).
The new open-source incident response tool, called “Untitled Goose Tool” and developed in collaboration with Sandia, can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 services.
“Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments,” according to CISA.
“Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT),” it added.
The tool was created to help incident response teams export cloud artefacts following an incident in environments that aren’t ingesting logs into a Security Information and Event Management (SIEM) or other long-term log solution.
CISA also released an open-source tool dubbed ‘Decider’ earlier this month to assist defenders in generating MITRE ATT&CK mapping reports, so that they can adjust their security posture based on adversaries’ tactics and approaches.
Threat actors are now using fake rewards in so-called “play-to-earn” mobile and online games to steal millions worth of cryptocurrency, the Federal Bureau of Investigation (FBI) in the US warned earlier this month.
They accomplish this through custom-created gaming apps that promise potential targets, with whom they have previously established trust through lengthy online conversations, massive financial rewards directly proportional to the investments made.