
Untitled Goose Tool

  • Writer: Talfor
  • Jul 24

Untitled Goose Tool is a very useful Incident Response (IR) tool released by CISA for running a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.

The tool enables users to:

- Export and review AAD sign-in and audit logs, the M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
- Query, export, and investigate AAD, M365, and Azure configurations.
- Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
- Perform time bounding of the UAL.
- Extract data within those time bounds.
- Collect and review data using similar time bounding capabilities for MDE data.


 
 
