CISA has released a tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. This comes after Microsoft disclosed how stolen credentials and access tokens are being used by threat actors to target Azure customers. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors. CISA’s Sparrow can be used to narrow down larger sets of investigation modules and telemetry to those specific to recent attacks.
Source: https://www.bleepingcomputer.com/news/security/cisa-releases-azure-microsoft-365-malicious-activity-detection-tool/