Service

Mandiant Azure AD Investigator

Readiness Level
Advanced
Mandiant Azure AD Investigator
Related topics:
Cybersecurity Best Practices, Cyber Threats and Advisories

CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

Description

This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are "high-fidelity" indicators of compromise; other artifacts are so-called "dual-use" artifacts. Dual-use artifacts may be related to threat actor activity, but also may be related to legitimate functionality.

Learn about CISA's CPGs

Tags

Audience
Educational Institutions, Executives, Federal Government, Industry, Small and Medium Businesses, Faith-Based Community, State, Local, Tribal, and Territorial Government
Topics
Cybersecurity Best Practices, Cyber Threats and Advisories

Related Services

Respond to an incident, Assess your risk level | Foundational, Intermediate

Metro State Cybersecurity Clinic

The Metro State Cybersecurity Clinic seeks to train students from diverse backgrounds—with varying academic expertise—to strengthen the digital defenses of under-resourced organizations in our communities.
Respond to an incident, Assess your risk level | Foundational, Intermediate

Louisiana State University - Cybersecurity Clinic

In conjunction with the Louisiana Small Business Development Center, the Louisiana State University Cybersecurity Clinic is helping to raise the cybersecurity baseline for small businesses by offering pro-bono cybersecurity services.
Intermediate

Semgrep

Semgrep OSS is an open-source, static analysis tool for searching code, finding bugs, and enforcing code standards at editor, commit, and CI time.