BitLyft Air
Liongard + BitLyft: Complementary Capabilities Overview
Liongard provides deep visibility into configuration data, system baselines, identity relationships, and change tracking across managed environments. While Liongard excels at delivering rich context and historical insight, it is not designed to function as a broad, real-time threat detection platform.
BitLyft complements Liongard by delivering capabilities focused on active security operations, including:
- Real-time alerting for suspicious or malicious activity
- Threat correlation across multiple data sources
- Immediate, action-oriented remediation workflows
When used together, Liongard and BitLyft deliver a comprehensive security approach—combining immediate threat detection and response with the detailed configuration context needed to understand impact, investigate root cause, and prioritize remediation effectively.
Remediation Capabilities Overview
These BitLyft remediation and investigation actions are available today.
Identity and Access Remediation:
| Action | Description | Use Case |
|---|---|---|
| Logs Out User | Revokes all active sign-in sessions for a user. | Used when a user’s credentials may be compromised to invalidate active sessions. |
| Reset User Password | Resets the password to a specified or random value; user must reset on next login. | Essential for compromised accounts or enforcing immediate password hygiene. |
| Disable User Account | Immediately disables a user account. | Stops access for compromised accounts or during investigations. |
| Enable User Account | Re-enables a previously disabled account. | Restores access after remediation. |
Email & Mailbox Remediation:
| Action | Description | Use Case |
|---|---|---|
| List User Mail Rules | Shows all mail rules configured for a user. | Detects malicious forwarding rules often used in compromises. |
| Delete Mail Rules | Removes a specific rule. | Removes known malicious rules without affecting others. |
| Delete All Mail Rules | Clears all rules for a user. | Useful when rule sets are heavily compromised. |
| Search Mailbox | Searches a user's email for content; returns up to 50 results. | Identifies phishing emails or sensitive content in investigations. |
| Quarantine Email by Subject | Moves emails matching a subject line to Deleted Items. | Mitigates ongoing phishing campaigns with consistent subject patterns. |
| Quarantine Email by Sender | Moves emails from a specific sender to Deleted Items. | Neutralizes malicious senders quickly. |
User & Group Management:
| Action | Description | Use Case |
|---|---|---|
| Total User Count | Retrieves user count for the tenant. | Audit and compliance checks. |
| List Users | Lists all users. | Helps detect unauthorized account creation. |
| Add User to Group | Adds a user to a domain group. | Enforces access controls during role or security changes. |
| Get Users in Group | Lists group members. | Supports access reviews. |
| Get Group ID by Name | Retrieves group ID from name. | Supports automation requiring group-specific references. |
| Create User | Creates a new user. | Supports provisioning or recovery operations. |
| Add License to User | Assigns a license. | Ensures proper service access during onboarding. |
| Remove License from User | Removes a license. | Cleans up unused licenses for offboarding. |
| List User Licenses | Lists licenses assigned to a user. | Validates license assignments. |
Conditional Access & Policy Enforcement:
| Action | Description | Use Case |
|---|---|---|
| Assign User to Conditional Access Policy | Adds a user to a specific CA policy. | Tightens controls during investigations or role changes. |
| List Conditional Access Policies | Retrieves all CA policies. | Helps verify policy coverage. |
| Get Conditional Access Policy Details | Retrieves policy configuration details. | Supports audits and troubleshooting. |
| Ensure BitLyft MFA Conditional Access Policy | Ensures an MFA-enforcing CA policy exists; creates it if not present. | Strengthens MFA enforcement across the tenant. |
Logging, Audit, and Forensics:
| Action | Description | Use Case |
|---|---|---|
| Azure Retrieve User Activity Logs | Retrieves activity logs for a user. | Provides forensic insights during incidents. |
| Azure Retrieve User Sign-in Logs | Retrieves detailed sign-in logs. | Identifies unauthorized or anomalous sign-ins. |
| Enable Office 365 Audit Subscriptions | Enables audit logging for General, Exchange, SharePoint, and Azure AD Management APIs. | Ensures full audit coverage for investigations. |
| List Office 365 Audit Subscriptions | Lists enabled audit logs. | Verifies audit completeness. |
Tenant & Resource Visibility:
| Action | Description | Use Case |
|---|---|---|
| List Azure Domains | Lists tenant domains. | Inventory and monitoring of domain changes. |
| List SharePoint Sites | Retrieves information about SharePoint sites. | Identifies exposure risks or checks access. |
| Get User Details | Retrieves full account information. | Supports investigations and audits. |
| Get User Capabilities | Lists user capabilities/services. | Helps validate entitlements or troubleshoot access issues. |
Growing Capabilities
BitLyft continuously enhances and expands this feature. As a result, the remediation and investigation actions listed here are not exhaustive and are subject to change as new capabilities are introduced.
