It was produce by CISA to help in the sensing of malicious action related to to the SolarWinds via media . Sparrow can be used by net protector to hunting for possible malicious activeness within Microsoft Azure Active Directory ( AD ) , Microsoft 365 ( M365 ) , and Office 365 ( O365 ) environment . The unexampled app , knight Aviary , is a splashboard that leave user to easily visualize and analyse data point from Sparrow , a compromise sensing tool around that was let go in December 2020 . Sparrow was produce to avail administration key explanation and application program that could have been compromise in their Azure / M365 environment . The espial cock is nowadays available on GitHub , with statement on how to set up Aviary after feed Sparrow admit in CISA ’s January promulgation , which was update this hebdomad with program line on exploitation Aviary . defender may employ Sparrow to notice perquisite escalation , notice OAuth consent and user ’ accept to practical application , key anomalous SAML token augury - IN , and check over the Graph API practical application permit for Service principal sum and apps in the environs , among other affair . The fresh give up Aviary , a Splunk - free-base dashboard , is design to construct it loose to study Sparrow performance data point .