Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

Original release date: April 8, 2021Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. CISA created Sparrow to support hunts for threat activity following the SolarWinds compromise. Aviary—a Splunk-based dashboard—facilitates analysis of Sparrow data outputs. CISA encourages network defenders wishing to use Aviary to facilitate their analysis of output from...