I've not used inspec but since I intercept a lot of security related concerns/complaints from my client base, I decided to try this out with my company's product.
Honestly, I'm not impressed, as it's about as it's just a straight up diff of some collected metrics from different snapshots with no real context or even mapping of events it diffs to the application/user/process responsible, and the discoverability of what actually changed isn't great.
The reports simply show as HTML text lists (all in red strangely, which I don't like), and unless I'm mistaken, there's no interactivity with them. I suppose it's a nice before and after, but it feels very limited in the information it offers, and I honestly don't like the UI presentation at all. Similarly, the documentation references UI elements that don't exist (for example, it mentions a Results item on the main menu that is not present, and I believe they mean Analyze).
Edit: added to last paragraph since I hit submit too soon.
Recommend for OS diffing, or OS config vuln scanning?
Former, no idea, the latter is fine with any major COTS product that does vuln scanning (Nessus/Rapid7/whatever) they're all pretty decent for doing an authenticated scan of a host's local config.
I was hoping there would be some interesting new development, but I guess nothing really changed huh? Dell enterprise security will print out a big Nessus report for a lot of money for a normal audit.
“Attack Surface Analyzer (ASA) is a Microsoft-developed Security tool that analyzes the attack surface of a Windows, Linux or MacOS system and reports on system changes that may have potential security implications that are introduced by the installation of software or by system misconfiguration.“
It's notable that if you run this tool on a computer that has onedrive set up, it will start downloading cloud-hosted onedrive files during the filesystem scan phase.
19 comments
[ 3.2 ms ] story [ 56.8 ms ] threadHonestly, I'm not impressed, as it's about as it's just a straight up diff of some collected metrics from different snapshots with no real context or even mapping of events it diffs to the application/user/process responsible, and the discoverability of what actually changed isn't great.
The reports simply show as HTML text lists (all in red strangely, which I don't like), and unless I'm mistaken, there's no interactivity with them. I suppose it's a nice before and after, but it feels very limited in the information it offers, and I honestly don't like the UI presentation at all. Similarly, the documentation references UI elements that don't exist (for example, it mentions a Results item on the main menu that is not present, and I believe they mean Analyze).
Edit: added to last paragraph since I hit submit too soon.
Former, no idea, the latter is fine with any major COTS product that does vuln scanning (Nessus/Rapid7/whatever) they're all pretty decent for doing an authenticated scan of a host's local config.
https://github.com/Microsoft/AttackSurfaceAnalyzer/wiki
ASA_linux_2.3.146-beta.zip
ASA_macos_2.3.146-beta.zip
ASA_netcoreapp_2.3.146-beta.zip
ASA_win_2.3.146-beta.zip
Security and closed source OS do not live in the same house.
I installed using dotnet tool install -g --version 2.3.141-beta-g9aa8b4e9b5 Microsoft.CST.AttackSurfaceAnalyzer.CLI
None of the CSS components load when launch with asa gui.
This one needs to bake a few more months.
edit: Oh, so this is a new, open version of the 2012 system. So perhaps not.