The Cybersecurity and Infrastructure Security Agency developed a free forensics collection tool to help defend Microsoft Windows networks against threats, according to a March 18 CISA notice.
CISA recommends any threat activity detected by the tool should be reviewed and confirmed. If an organization doesn't have the capability to follow the guidelines in the alert, CISA recommends they consider hiring a third-party IT security support team for assistance.
Here are four things to know:
- The software is currently only compatible with Windows operating systems.
- The tool can locate malicious activity that has spilled onto an on-premises environment.
- The software can examine Windows event logs, registry and network for artifacts of suspicious activity.
- The tool does not run continuously, but needs to be routinely run for updated results.
To read the full notice, click here.