Another week brings another impressive set of new Oort functionality.
The headliner this week is a new check that will help customers who run into challenges keeping consistency across both Active Directory and Azure Active Directory.
In addition to this new check, we’re making it even easier to investigate user application usage and IP addresses in the Oort platform.
Finally, we’re now able to integrate into Azure Sentinel, making it even easier to tie Oort into your existing security workflows!
🔔 New Check Available: Role Assigned to Azure Cloud Only Account
Despite moving to the cloud, many organizations continue to rely on Active Directory to be the source of truth. Accounts created in Azure AD will not automatically sync to the on-prem Active Directory.
This can create real issues when employees leave. Because termination processes start with Active Directory, former employees can retain access to applications in Azure AD via these disconnected accounts that exist only in AAD.
In the new "Role Assigned to Azure Cloud Only Account" check (stay tuned, this name might change to something mildly less obtuse), Oort identifies whether an account is assigned applications and permissions in Azure AD, but not Active Directory.
🖥️ Discover Application Usage Data
It can be tricky to keep track of who has access to which applications, which of those are in use, and when they were last accessed. This is easy to do in Oort’s user profiles, where there is a dedicated tab for drilling down into their associated applications.
In this release, we’ve made it easier to sort the applications table. Admins can now sort by application name, source, access granted by (group name or user email), usage count, last access date, and last sign-in result.
🌐 IP Insights by Country and Threat Categories
In the world of remote work, it’s inevitable that users will be logging in from a range of different locations. This can make it challenging to identify those attempted logins that are malicious. In this release, we’re surfacing more information about IPs for easier triage.
For further context, users can click through to country tags on IPs and investigate additional activity from that country (shown below). Furthermore, when we detect IP threats, we will now show the associated threat tags (such as Denial of Service, Botnets, Windows Exploits).
🔗 Microsoft Sentinel Integration
For the security teams that use Oort, it’s important to tie into existing workflows. This can be instant messaging, emails, ticketing, or SIEMs.
We’ve listened to our customers and are excited to announce that Oort users can now triage checks within Microsoft Sentinel. Get in touch with us if you’d like to learn more!
Bug Fixes and Minor Improvements
- Oort users' roles are now displayed in the top right