CISA Released a New Tool to Detect Hacking Activity in Microsoft Cloud Environments

As part of its ongoing efforts to protect Microsoft cloud environments against malicious activity, CISA recently introduced an open-source incident response tool called the “Untitled Goose Tool.”

This Python-based utility was developed in collaboration with Sandia, a national laboratory of the United States Department of Energy. The tool can dump telemetry information from the following environments:

  • Azure Active Directory
  • Microsoft Azure
  • Microsoft 365
  • Microsoft Defender for Endpoint (MDE)
  • Defender for Internet of Things (IoT) (D4IoT)

Features of Untitled Goose Tool

Security experts and network administrators can use CISA’s cross-platform Microsoft cloud analysis and interrogation tool to:

  • Analyze in depth and export:
      • AAD sign-in and audit logs
      • M365 unified audit log (UAL)
      • Azure activity logs
      • Microsoft Defender for IoT alerts
      • Microsoft Defender for Endpoint data for suspicious activity
  • Query, export, and investigate AAD, M365, and Azure configurations.
  • Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
  • Time-bound the UAL.
  • Extract data in accordance with those time bounds.
  • Collect, review, and compare MDE data using similar time-bounding capabilities.
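
What time bounding a log export amounts to, as an added illustration (not code from the Untitled Goose Tool or from CISA): a date range is split until each window holds no more than an assumed per-query record cap, and extraction then proceeds window by window. The sample records, the cap value, the "CreationTime" field choice and all function names are constructed for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: 12 audit records, 10 of them packed into one busy hour.
# "CreationTime" is assumed here as the record timestamp field; values are invented.
T0 = datetime(2023, 3, 1, tzinfo=timezone.utc)
RECORDS = (
    [{"CreationTime": T0 + timedelta(hours=9, minutes=5 * i), "Operation": "FileAccessed"}
     for i in range(10)]
    + [{"CreationTime": T0 + timedelta(hours=2), "Operation": "UserLoggedIn"},
       {"CreationTime": T0 + timedelta(hours=20), "Operation": "Set-Mailbox"}]
)


def count_in(records, start, end):
    """Stand-in for a cheap 'how many records in [start, end)?' query."""
    return sum(start <= r["CreationTime"] < end for r in records)


def time_bounds(records, start, end, cap, min_width=timedelta(minutes=1)):
    """Split [start, end) into windows holding at most `cap` records each.

    A window over the cap is bisected; one that cannot shrink below
    `min_width` is returned as-is so the caller can flag it as truncated.
    """
    n = count_in(records, start, end)
    if n <= cap or (end - start) <= min_width:
        return [(start, end, n)]
    mid = start + (end - start) / 2
    return (time_bounds(records, start, mid, cap, min_width)
            + time_bounds(records, mid, end, cap, min_width))


def extract(records, windows):
    """Pull records window by window, as a bounded export would."""
    out = []
    for start, end, _ in windows:
        out.extend(r for r in records if start <= r["CreationTime"] < end)
    return out


if __name__ == "__main__":
    for start, end, n in time_bounds(RECORDS, T0, T0 + timedelta(days=1), cap=4):
        print(f"{start:%H:%M} - {end:%H:%M}  {n} records")
```

The windows are contiguous and half-open, so no record is exported twice or dropped at a boundary; a window returned above the cap signals a burst that needs a narrower minimum width.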

Prerequisites

To run the Untitled Goose Tool, one of the following Python versions is required:

  • Python 3.7
  • Python 3.8
  • Python 3.9

Furthermore, running the Untitled Goose Tool in a virtual environment is recommended. As a cross-platform tool, it runs on:

  • Mac OSX
  • Linux
  • Windows

Recently, CISA has taken several steps to improve the security measures that organizations can take against emerging cyber threats.

As a result, CISA launched a new open-source tool called ‘Decider’ earlier this month. The tool is aimed mainly at defenders and helps them create MITRE ATT&CK mapping reports.

Decider was launched after the publication of a “best practices” guide in January, stressing the significance of adhering to the standard.

As part of its announcement, CISA warned critical infrastructure entities at the beginning of 2023 that their systems were susceptible to ransomware attacks due to internet exposure.

The announcement resulted from a new partnership launched in August 2021 to focus on protecting the core infrastructure of the United States from cyber attacks such as ransomware. At the same time, the collaboration was named the JCDC (Joint Cyber Defense Collaborative).

Installing

It is quite easy to install the package by cloning the repository and then doing an install with pip:

git clone https://github.com/cisagov/untitledgoosetool.git
cd untitledgoosetool
python3 -m pip install .

In June 2021, Ransomware Readiness Assessment (RRA) was launched to update the Cyber Security Evaluation Tool (CSET). This module aims to assist organizations in assessing their preparedness for preventing and recovering from ransomware and other cyberattacks.

Copyright 2021 Associated Press. All rights reserved.

Source: https://cybersecuritynews.com/cisa-new-tool/
