Week 49, 2022
New Check Available: Role Assigned to Azure Cloud Only Account
Despite moving to the cloud, many organizations continue to rely on Active Directory as the source of truth. Accounts created in Azure AD do not automatically sync to on-prem Active Directory. This can create real issues when employees leave. Because termination processes start with Active Directory, former employees can retain access to applications in Azure AD via these disconnected accounts that exist only in AAD. In the new "Role Assigned to Azure Cloud Only Account" check (stay tuned, this name might change to something mildly less obtuse), Oort identifies whether an account is assigned applications and permissions in Azure AD, but not Active Directory.
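One way to approximate this kind of check yourself, as an added example that is not Oort's implementation: it assumes user, role-assignment and app-role-assignment records have already been exported from Microsoft Graph, and it treats any account whose `onPremisesSyncEnabled` is not true as cloud only. The sample records, IDs and role labels are constructed.

```python
from collections import defaultdict

# Constructed sample records shaped like Microsoft Graph user, unifiedRoleAssignment
# and appRoleAssignment objects. IDs, names and role labels are made up.
USERS = [
    {"id": "u1", "userPrincipalName": "alice@example.com", "accountEnabled": True, "onPremisesSyncEnabled": True},
    {"id": "u2", "userPrincipalName": "bob@example.com", "accountEnabled": True, "onPremisesSyncEnabled": None},
    {"id": "u3", "userPrincipalName": "carol@example.com", "accountEnabled": True, "onPremisesSyncEnabled": False},
    {"id": "u4", "userPrincipalName": "dave@example.com", "accountEnabled": True, "onPremisesSyncEnabled": None},
    {"id": "u5", "userPrincipalName": "erin@example.com", "accountEnabled": False, "onPremisesSyncEnabled": None},
]
ROLE_ASSIGNMENTS = [
    {"principalId": "u1", "roleDefinitionId": "role-helpdesk"},
    {"principalId": "u2", "roleDefinitionId": "role-global-admin"},
    {"principalId": "u5", "roleDefinitionId": "role-user-admin"},
]
APP_ASSIGNMENTS = [
    {"principalId": "u2", "resourceDisplayName": "CRM"},
    {"principalId": "u3", "resourceDisplayName": "Payroll"},
]

def cloud_only_with_access(users, role_assignments, app_assignments):
    """Return accounts not synced from on-prem AD that still hold roles or apps."""
    roles, apps = defaultdict(list), defaultdict(list)
    for ra in role_assignments:
        roles[ra["principalId"]].append(ra["roleDefinitionId"])
    for aa in app_assignments:
        apps[aa["principalId"]].append(aa["resourceDisplayName"])
    findings = []
    for user in users:
        # True: currently synced from AD, so AD-driven offboarding reaches it.
        # None (never synced) or False (no longer synced): nothing on-prem disables it.
        if user.get("onPremisesSyncEnabled") is True:
            continue
        uid = user["id"]
        if not roles[uid] and not apps[uid]:
            continue  # cloud-only but holds nothing, not reported by this check
        findings.append({
            "upn": user["userPrincipalName"],
            "enabled": user.get("accountEnabled", False),
            "directory_roles": sorted(roles[uid]),
            "applications": sorted(apps[uid]),
        })
    # Enabled accounts first, then those holding directory roles, then by name.
    findings.sort(key=lambda f: (not f["enabled"], not f["directory_roles"], f["upn"]))
    return findings

if __name__ == "__main__":
    print(*cloud_only_with_access(USERS, ROLE_ASSIGNMENTS, APP_ASSIGNMENTS), sep="\n")
```

Disabled cloud-only accounts are still reported, sorted last, because a role left on a disabled account becomes live again if the account is re-enabled.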
Discover Application Usage Data
It can be tricky to keep track of who has access to which applications, which of those are in use, and when they were last accessed. This is easy to do in Oort's user profiles, where there is a dedicated tab for drilling down into a user's associated applications. In this release, we've made the applications table easier to sort. Admins can now sort by application name, source, access granted by (group name or user email), usage count, last access date, and last sign-in result.
IP Insights by Country and Threat Categories
In the world of remote work, it's inevitable that users will be logging in from a range of different locations. This can make it challenging to identify which attempted logins are malicious. In this release, we're surfacing more information about IPs for easier triage. For further context, users can click through to country tags on IPs and investigate additional activity from that country (shown below). Furthermore, when we detect IP threats, we will now show the associated threat tags (such as Denial of Service, Botnets, Windows Exploits).
Microsoft Sentinel Integration
For the security teams that use Oort, it's important to tie into existing workflows. This can be instant messaging, emails, ticketing, or SIEMs. We've listened to our customers and are excited to announce that Oort users can now triage checks within Microsoft Sentinel. Get in touch with us if you'd like to learn more!
Bug Fixes and Minor Improvements
Oort user roles are now displayed in the top right