CISA releases Sparrow - a compromised apps' detection tool Azure and Microsoft 365 environments

The new tool named Sparrow released by the Cybersecurity and Infrastructure Security Agency (CISA) as an answer to the recent situation with stolen credentials being used to target Azure customers. The tool will help Azure admins detect the compromised apps and accounts in Azure and Microsoft 365 environments. Sparrow is a PowerShell-based tool, that can be used to check the unified Azure/Microsoft 365 audit log for indicators of compromise, to check Azure service principals, and to discover potentially malicious activity. Read more...