Security Program Controls/Technologies, Content

Microsoft 365, Azure Threat Hunting: CISA Aviary, Sparrow Tools Emerge

Credit: CISA

The CISA (Cybersecurity and Information Security Agency) has developed new threat hunting tools for Microsoft 365 and Azure cloud applications. The offerings involve Sparrow and Aviary.

Sparrow, which debuted in December 2020, helps network defenders detect possible compromised accounts and applications in Microsoft Azure and Office O365 environments, the CISA says.

The new twist involves Aviary, a Splunk-based dashboard that CISA and partners developed to help visualize and analyze outputs from Sparrow and then take protective actions, the organization said.

Aviary and Splunk emerged in response to the SolarWinds Orion compromise, which was discovered in December 2020.

The CISA is part of the U.S. Department of Homeland Security.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.