Closed drathbo closed 1 year ago
@drathbo Untitled Goose Tool is primarily meant for organizations to extract logs and configurations to constantly monitor their environment. It's more apt to compare the Untitled Goose Tool to having a Security Information and Event Management (SIEM). Licensing in Azure/m365 allows you to gain more access to premium audit logging events and alerts, but a SIEM will help you more in constantly monitoring your cloud environment. Untitled Goose Tool is aimed at incident response teams, who need to export cloud artifacts after an incident quickly to perform analysis. Hopefully that makes sense!
I'm posting this here at Victoria's recommendation.
I was looking into possibly using Untitled Goose Tool and I had some questions. If we already have a license which incorporates many of Microsoft’s Defender products (endpoint, identity, cloud, etc) is the Untitled Goose Tool a product that will enhance capabilities beyond what Microsoft already offers for it’s Defender suite of products or is this tool designed as a standalone product for organizations who don’t already have robust security licenses in O365/Azure?