CISA Releases Hunt Tool for Microsoft's Cloud Services

Published: 23/11/2024   Category: security




CISA released the hunt and response tool to help defenders extract cloud artifacts without performing additional analytics.



The Untitled Goose Tool is the latest tool from the United States Cybersecurity and Infrastructure Security Agency to help enterprise security teams respond to attacks.
Developed in conjunction with Sandia National Labs, the Untitled Goose Tool “offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services,” CISA said in its announcement, which specifically listed Microsoft Azure, Microsoft 365, and Azure Active Directory. With this tool, defenders can run a full investigation by interrogating and collecting Azure Active Directory sign-in and audit logs, the Microsoft 365 unified audit log, Azure activity logs, Microsoft Defender for IoT (Internet of Things) alerts, and Microsoft Defender for Endpoint data for suspicious activity, CISA said in its Untitled Goose Tool fact sheet. Defenders can also query, export, and investigate Azure Active Directory, Microsoft 365, and Azure configurations.
The hunt and incident response tool was designed to help incident response teams export cloud artifacts after an incident for environments that aren’t ingesting logs into the organization’s Security Information and Event Management (SIEM) platform, CISA said on the Untitled Goose GitHub repository page. Defenders can then ingest the JSON results into an existing SIEM, web browser, text editor, or database for additional analysis.
The Untitled Goose Tool was announced on the same day as the Pre-Ransomware Notification Initiative, which aims to warn organizations about ransomware attacks early enough so that organizations can block the attempt to steal or encrypt data. Earlier in March, CISA announced the Decider tool, which will help organizations map adversary behavior to the MITRE ATT&CK framework to find gaps in their defenses, as well as the Ransomware Vulnerability Warning Pilot, to warn critical infrastructure entities about flaws in their systems.
