The Cybersecurity and Infrastructure Security Agency released a forensics collection capability to help detect activity related to the supply chain compromises affecting SolarWinds and Active Directory/Microsoft 365.
The CISA Hunt and Incident Response Program, or CHIRP, is an open-source project freely available to all stakeholders on CISA’s CHIRP GitHub repository.