The new app , knight Aviary , is a splasher that allow drug user to easily visualize and analyse datum from Sparrow , a compromise espial dick that was let go in December 2020 . Sparrow can be victimised by mesh guardian to look for potential malicious bodily process within Microsoft Azure Active Directory ( AD ) , Microsoft 365 ( M365 ) , and Office 365 ( O365 ) surroundings . It was produce by CISA to economic aid in the sensing of malicious natural action come to to the SolarWinds via media . Sparrow was create to help oneself formation distinguish explanation and practical application that could have been compromise in their Azure / M365 surroundings . guardian may utilisation Sparrow to observe privilege escalation , detect OAuth consent and user ’ accept to application program , discover anomalous SAML nominal signalise - Immigration and Naturalization Service , and checkout the Graph API lotion license for Service principal and apps in the surround , among other things . The fresh let go Aviary , a Splunk - ground fascia , is contrive to pee-pee it well-situated to psychoanalyse Sparrow functioning datum . The sensing joyride is straight off available on GitHub , with book of instructions on how to put in Aviary after head for the hills Sparrow admit in CISA ’s January annunciation , which was update this calendar week with educational activity on using Aviary .