The US government wants to help you spot flaws in Microsoft cloud services


The US government has built an open source tool to help security teams spot flaws in Microsoft cloud services more easily.

Built by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the U.S. Department of Energy national laboratory, Sandia, the “Untitled Goose Tool” works by harvesting telemetry data from Azure Active Directory, Microsoft Azure, and Microsoft 365.

"Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer's Azure Active Directory (AzureAD), Azure, and M365 environments," CISA says. "Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT)."

CISA efforts

There are a number of things Untitled Goose Tool can do, including exporting and reviewing sign-in and audit logs from Azure Active Directory, unified audit logs from Microsoft 365, activity logs from Azure, alerts from Microsoft Defender for IoT, and data from Microsoft Defender for Endpoint.

The full set of the tool’s capabilities can be found on this link.

This is not the first tool of its kind to be released by CISA, as earlier this month the organization published “Decider”, another open source tool that helps IT teams generate MITRE ATT&CK mapping reports. And before that, the organization published a “best practices” guide about MITRE mapping, as well.

Ever since ransomware operators hit the country’s critical infrastructure a few times, the U.S. government has been hard at work trying to defend against these malicious players. In 2023, CISA started proactively warning infrastructure organizations when they have internet-exposed endpoints that are vulnerable to ransomware attacks. 

"Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community," the agency said.

Via: BleepingComputer

Sead Fadilpašić
