The CISA (Cybersecurity and Information Security Agency) has developed new threat hunting tools for Microsoft 365 and Azure cloud applications. The offerings involve Sparrow and Aviary.
Sparrow, which debuted in December 2020, helps network defenders detect possible compromised accounts and applications in Microsoft Azure and Office O365 environments, the CISA says.
The new twist involves Aviary, a Splunk-based dashboard that CISA and partners developed to help visualize and analyze outputs from Sparrow and then take protective actions, the organization said.
Aviary and Splunk emerged in response to the SolarWinds Orion compromise, which was discovered in December 2020.
The CISA is part of the U.S. Department of Homeland Security.