The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) recently released a free tool that will assist organizations with identifying indicators of compromise following threat activity in Microsoft 365 and Azure Environments.

The new CISA Hunt and Incident Response Program (CHIRP) tool, “is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs)”  associated with the activity CISA had earlier highlighted in  previous Alerts outlining the Sparrow program.

Like the Sparrow program before it, CHIRP is designed to identify IOCs within an on-premises environment and scans only Windows operating systems. To avail yourself of the free tool, you can obtain it by accessing CISA’s GitHub repository.  It is available in either a compiled executable or a python script.