Week 49, 2022

🔔 New Check Available: Role Assigned to Azure Cloud Only Account

Despite moving to the cloud, many organizations continue to rely on Active Directory as the source of truth. Accounts created in Azure AD do not automatically sync to on-premises Active Directory. This can create real issues when employees leave: because termination processes start with Active Directory, former employees can retain access to applications in Azure AD via these disconnected accounts that exist only in AAD. In the new "Role Assigned to Azure Cloud Only Account" check (stay tuned, this name might change to something mildly less obtuse), Oort identifies whether an account is assigned applications and permissions in Azure AD but does not exist in Active Directory.
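The logic behind a check like this can be sketched over exported directory data. The following is an added example, not Oort's implementation: it assumes user records carrying the Microsoft Graph properties `onPremisesSyncEnabled` and `accountEnabled`, app assignments keyed by `principalId`, and directory role rows whose `roleName` has already been resolved; all sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records shaped like Microsoft Graph user objects.
USERS = [
    {"id": "u1", "userPrincipalName": "alice@example.com", "accountEnabled": True, "onPremisesSyncEnabled": True},
    {"id": "u2", "userPrincipalName": "bob@example.com", "accountEnabled": True, "onPremisesSyncEnabled": None},
    {"id": "u3", "userPrincipalName": "carol@example.com", "accountEnabled": True, "onPremisesSyncEnabled": None},
    {"id": "u4", "userPrincipalName": "dave@example.com", "accountEnabled": False, "onPremisesSyncEnabled": None},
    {"id": "u5", "userPrincipalName": "erin@example.com", "accountEnabled": True, "onPremisesSyncEnabled": False},
]
# appRoleAssignment-style rows: which principal was granted which application.
APP_ASSIGNMENTS = [
    {"principalId": "u1", "resourceDisplayName": "Payroll"},
    {"principalId": "u2", "resourceDisplayName": "Payroll"},
    {"principalId": "u2", "resourceDisplayName": "CRM"},
    {"principalId": "u4", "resourceDisplayName": "CRM"},
]
# Directory role rows; roleName is assumed to be resolved from the role definition.
ROLE_ASSIGNMENTS = [{"principalId": "u5", "roleName": "User Administrator"}]

def cloud_only_with_access(users, app_assignments, role_assignments):
    """Return enabled, cloud-only accounts that hold app or role assignments."""
    apps, roles = defaultdict(set), defaultdict(set)
    for a in app_assignments:
        apps[a["principalId"]].add(a["resourceDisplayName"])
    for r in role_assignments:
        roles[r["principalId"]].add(r["roleName"])
    findings = []
    for u in users:
        # Graph reports True only for accounts currently synced from AD;
        # None (never synced) and False (no longer synced) are treated as cloud-only.
        if u.get("onPremisesSyncEnabled") is True:
            continue
        if not u.get("accountEnabled"):
            continue  # already disabled, so no retained sign-in access
        uid = u["id"]
        if not (apps[uid] or roles[uid]):
            continue  # cloud-only but nothing assigned
        findings.append({
            "upn": u["userPrincipalName"],
            "apps": sorted(apps[uid]),
            "roles": sorted(roles[uid]),
        })
    return sorted(findings, key=lambda f: f["upn"])

if __name__ == "__main__":
    for finding in cloud_only_with_access(USERS, APP_ASSIGNMENTS, ROLE_ASSIGNMENTS):
        print(finding)
```

Accounts flagged this way are the ones an Active Directory-driven termination process will not reach, so they need their own offboarding step.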

🖥️ Discover Application Usage Data

It can be tricky to keep track of who has access to which applications, which of those are in use, and when they were last accessed. This is easy to do in Oort’s user profiles, where there is a dedicated tab for drilling down into a user's associated applications. In this release, we’ve made the applications table easier to sort. Admins can now sort by application name, source, access granted by (group name or user email), usage count, last access date, and last sign-in result.

🌐 IP Insights by Country and Threat Categories

In the world of remote work, it’s inevitable that users will be logging in from a range of different locations. This can make it challenging to identify those attempted logins that are malicious. In this release, we’re surfacing more information about IPs for easier triage. For further context, users can click through to country tags on IPs and investigate additional activity from that country (shown below). Furthermore, when we detect IP threats, we will now show the associated threat tags (such as Denial of Service, Botnets, Windows Exploits).

🔗 Microsoft Sentinel Integration

For the security teams that use Oort, it’s important to tie into existing workflows. This can be instant messaging, emails, ticketing, or SIEMs. We’ve listened to our customers and are excited to announce that Oort users can now triage checks within Microsoft Sentinel. Get in touch with us if you’d like to learn more!

Bug Fixes and Minor Improvements

  • Oort users' roles are now displayed in the top right
