CISA Releases Free Detection Tool for Azure/M365 Environments Relating to the SolarWinds Attack

This is one for the more technically minded people out there.

In the wake of the massive effect of the SolarWinds attack, government agencies and private companies alike are providing advice, guidance and free tools to help companies detect attacks on their systems.

One such free tool is from CISA (the American Cybersecurity & Infrastructure Security Agency).

This tool is used to detect unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment.

It is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.

CISA strongly encourages users and administrators to visit the following GitHub page for additional information and detection countermeasures.

They also provide further guidance on Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments here

There are also links to two further tools:

CrowdStrike Reporting Tool for Azure (CRT)

HAWK Reporting tool for Office 365