This new CISA tool can prevent hacking attempts in Microsoft’s cloud

by Alexandru Poloboc

Alexandru Poloboc

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,… read more

  • CISA has released a new open-source incident response tool.
  • It helps detect signs of malicious activity in the Microsoft cloud.
  • IT admins and security experts will surely get a kick out of it.


A lot of us can or already have fallen victim to ruthless hackers, so keeping ourselves protected in this ever-changing online world is paramount.

Know that the U.S. Cybersecurity & Infrastructure Security Agency, also known as CISA, has released a new open-source incident response tool.

This new software actually helps detect signs of malicious activity in Microsoft cloud environments, which can be huge in the battle against malicious third parties.

Speaking of clouds, we can show you some of the best Cloud storage apps for Windows 10. Also, we can teach you how to fix the Cloud operation was unsuccessful error on OneDrive

Commonly known as the Untitled Goose Tool, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

According to CISA, it is a robust and flexible hunt and incident response tool that adds novel authentication and data-gathering methods.

With this tool, you can basically run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.

Furthermore, Untitled Goose Tool also gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).

We know you are curious about specifics, so let’s get into it. With the cross-platform Microsoft cloud interrogation and analysis tool, security experts and network admins can:

  • Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
  • Query, export, and investigate AAD, M365, and Azure configurations.
  • Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics. 
  • Perform time bounding of the UAL.
  • Extract data within those time bounds. 
  • Collect and review data using similar time-bounding capabilities for MDE data.

Keep this in mind if you value the privacy and security of your company. However, know that it all starts with us being extra careful when on the internet.

Is this something you would be interested in using yourself? Share your opinions with us in the comments section below.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *