Merge branch 'develop'

Author: silverhack

Invoke-Monkey365.ps1

@@ -63,26 +63,26 @@ Function Invoke-Monkey365{
                 https://github.com/silverhack/monkey365
 
         .EXAMPLE
-	        $assets = Invoke-Monkey365 -ExportTo CSV -PromptBehavior SelectAccount -IncludeEntraID -Instance Microsoft365 -Analysis SharePointOnline
+	        $assets = Invoke-Monkey365 -ExportTo CSV -PromptBehavior SelectAccount -IncludeEntraID -Instance Microsoft365 -Collect SharePointOnline
 
-            This example retrieves information of both Azure AD and SharePoint Online and will save results into a CSV file. If credentials are not supplied, Monkey365 will prompt for credentials.
+            This example will collect information of both Azure AD and SharePoint Online and will save results into a CSV file. If credentials are not supplied, Monkey365 will prompt for credentials.
 
         .EXAMPLE
-	        Invoke-Monkey365 -PromptBehavior SelectAccount -Instance Azure -Analysis All -subscriptions 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo CLIXML
+	        Invoke-Monkey365 -PromptBehavior SelectAccount -Instance Azure -Collect All -subscriptions 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo CLIXML
 
-            This example retrieves information of an Azure subscription and will export data to a XML-based file. If credentials are not supplied, Monkey365 will prompt for credentials.
+            This example will collect information of an Azure subscription and will export data to a XML-based file. If credentials are not supplied, Monkey365 will prompt for credentials.
 
         .EXAMPLE
-	        Invoke-Monkey365 -ClientId 00000000-0000-0000-0000-000000000000 -ClientSecret ("MySuperClientSecret" | ConvertTo-SecureString -AsPlainText -Force) -Instance Azure -Analysis All -subscriptions 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo CLIXML,CSV,JSON,HTML
+	        Invoke-Monkey365 -ClientId 00000000-0000-0000-0000-000000000000 -ClientSecret ("MySuperClientSecret" | ConvertTo-SecureString -AsPlainText -Force) -Instance Azure -Collect All -subscriptions 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo CLIXML,CSV,JSON,HTML
 
             This example retrieves information of an Azure subscription and will export data driven to CSV, JSON, HTML, XML and Excel format into monkey-reports folder. The script will connect to Azure using the client credential flow.
 
         .EXAMPLE
-            Invoke-Monkey365 -certificate C:\monkey365\testapp.pfx -ClientId 00000000-0000-0000-0000-000000000000 -CertFilePassword ("MySuperCertSecret" | ConvertTo-SecureString -AsPlainText -Force) -Instance Microsoft365 -Analysis SharePointOnline -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo CLIXML,CSV,JSON,HTML
+            Invoke-Monkey365 -certificate C:\monkey365\testapp.pfx -ClientId 00000000-0000-0000-0000-000000000000 -CertFilePassword ("MySuperCertSecret" | ConvertTo-SecureString -AsPlainText -Force) -Instance Microsoft365 -Collect SharePointOnline -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo CLIXML,CSV,JSON,HTML
 	        This example retrieves information of an Microsoft 365 subscription and will export data driven to CSV, JSON, HTML, XML and Excel format into monkey-reports folder. The script will connect to Azure using the certificate credential flow.
 
         .EXAMPLE
-	        Invoke-Monkey365 -PromptBehavior SelectAccount -Instance Azure -Analysis All -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo HTML
+	        Invoke-Monkey365 -PromptBehavior SelectAccount -Instance Azure -Collect All -TenantID 00000000-0000-0000-0000-000000000000 -ExportTo HTML
 
             This example retrieves information of an Azure subscription and will export data driven to HTML format into monkey-reports folder. If credentials are not supplied, Monkey365 will prompt for credentials.
 
@@ -92,7 +92,7 @@ Function Invoke-Monkey365{
         .PARAMETER Instance
 	        Select the instance to scan. Valid options are Azure or Microsoft365
 
-        .PARAMETER Analysis
+        .PARAMETER Collect
 	        Collect data from specified assets. Depending of what instance was selected, the following values are accepted:
 
             Value                        Description
@@ -303,7 +303,13 @@ Function Invoke-Monkey365{
         [Switch]$DeviceCode,
 
         [Parameter(Mandatory=$false, HelpMessage="Force to load MSAL Desktop PowerShell Core on Windows")]
-        [Switch]$ForceMSALDesktop
+        [Switch]$ForceMSALDesktop,
+
+        [Parameter(Mandatory=$false, HelpMessage="List available collectors")]
+        [Switch]$ListCollector,
+
+        [Parameter(Mandatory=$false, HelpMessage="List available rules")]
+        [Switch]$ListRule
     )
     dynamicparam{
         # Set available instance class
@@ -318,15 +324,15 @@ Function Invoke-Monkey365{
             $attributeCollection = New-Object -TypeName System.Collections.ObjectModel.Collection[System.Attribute]
             # define a new parameter attribute
             $analysis_attr_name = New-Object System.Management.Automation.ParameterAttribute
-            $analysis_attr_name.Mandatory = $true
+            $analysis_attr_name.Mandatory = $false
             $attributeCollection.Add($analysis_attr_name)
 
             # set the ValidateSet attribute
             $token_attr_name = New-Object System.Management.Automation.ValidateSetAttribute($instance_class.Item($Instance))
             $attributeCollection.Add($token_attr_name)
 
-            # create the dynamic -Analysis parameter
-            $analysis_pname = 'Analysis'
+            # create the dynamic -Collect parameter
+            $analysis_pname = 'Collect'
             $analysis_type_dynParam = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter($analysis_pname,
             [Array], $attributeCollection)
             $paramDictionary.Add($analysis_pname, $analysis_type_dynParam)
@@ -416,10 +422,43 @@ Function Invoke-Monkey365{
         #Initialize Logger
         Initialize-MonkeyLogger
         #Check if import job
-        if($PSBoundParameters.ContainsKey('ImportJob') -and $PSBoundParameters.ImportJob){
+        If($PSBoundParameters.ContainsKey('ImportJob') -and $PSBoundParameters.ImportJob){
             Import-MonkeyJob
             return
         }
+        #Check if list collectors
+        If($PSBoundParameters.ContainsKey('ListCollector') -and $PSBoundParameters['ListCollector'].IsPresent){
+            #Get command Metadata
+            $MetaData = New-Object -TypeName "System.Management.Automation.CommandMetaData" (Get-Command -Name "Get-MonkeyCollector")
+            $newPsboundParams = [ordered]@{}
+            if($null -ne $MetaData){
+                $param = $MetaData.Parameters.Keys
+                foreach($p in $param.GetEnumerator()){
+                    if($PSBoundParameters.ContainsKey($p)){
+                        $newPsboundParams.Add($p,$PSBoundParameters[$p])
+                    }
+                }
+                #Add verbose, debug
+                $newPsboundParams.Add('Verbose',$O365Object.verbose)
+                $newPsboundParams.Add('Debug',$O365Object.debug)
+                $newPsboundParams.Add('InformationAction',$O365Object.InformationAction)
+                #Add services if exists
+                If($null -ne $O365Object.initParams.Collect -and $O365Object.initParams.Collect.Count -gt 0){
+                    #Remove all option
+                    $collect = $O365Object.initParams.Collect.Where({$_.ToLower() -ne 'all'})
+                    [void]$newPsboundParams.Add('Service',$collect);
+                }
+                #Add pretty print
+                [void]$newPsboundParams.Add('Pretty',$true);
+                #Add Provider
+                If($PSBoundParameters.ContainsKey('Instance') -and $PSBoundParameters['Instance']){
+                    [void]$newPsboundParams.Add('Provider',$PSBoundParameters['Instance']);
+                }
+                #Execute command
+                Get-MonkeyCollector @newPsboundParams
+            }
+            return
+        }
         #Check for mandatory params
         Test-MandatoryParameter
         #Import MSAL module

README.md

@@ -93,10 +93,10 @@ By default, the HTML report shows you the CIS (Center for Internet Security) Ben
 
 The following standards are supported by Monkey365:
 
-* CIS Microsoft Azure Foundations Benchmark v1.4.0
-* CIS Microsoft 365 Foundations Benchmark v1.4.0
-* CIS Microsoft Azure Foundations Benchmark v1.5.0
-* CIS Microsoft 365 Foundations Benchmark v1.5.0
+* CIS Microsoft Azure Foundations Benchmark v2.0.0
+* CIS Microsoft Azure Foundations Benchmark v3.0.0
+* CIS Microsoft 365 Foundations Benchmark v2.0.0
+* CIS Microsoft 365 Foundations Benchmark v3.0.0
 
 More standards will be added in next releases (NIST, HIPAA, GDPR, PCI-DSS, etc..) as they are available.
 

collectors/azure/APIM/Get-MonkeyAZAPIM.ps1

@@ -55,21 +55,25 @@ function Get-MonkeyAZAPIM {
 			Group = @(
 				"APIM"
 			);
-			Tags = @{
-				"enabled" = $true
-			};
-			Docs = "https://silverhack.github.io/monkey365/";
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
 			ruleSuffixes = @(
 				"az_APIM"
 			);
 			dependsOn = @(
 
 			);
+			enabled = $true;
+			supportClientCredential = $true
 		}
 		#Get Config
 		$APIMConfig = $O365Object.internal_config.ResourceManager | Where-Object { $_.Name -eq "APIManagement" } | Select-Object -ExpandProperty resource
 		#Get Storage accounts
-		$APIM_objects = $O365Object.all_resources.Where({$_.type -like 'Microsoft.ApiManagement/service'})
+		$APIM_objects = $O365Object.all_resources.Where({ $_.type -like 'Microsoft.ApiManagement/service' })
 		if (-not $APIM_objects) { continue }
 		#Set array
 		$all_APIM = $null
@@ -83,25 +87,25 @@ function Get-MonkeyAZAPIM {
 			Tags = @('AzureAPIManagementInfo');
 		}
 		Write-Information @msg
-        if($APIM_objects.Count -gt 0){
-            $new_arg = @{
-			    APIVersion = $APIMConfig.api_version;
-		    }
-            $p = @{
-			    ScriptBlock = { Get-MonkeyAzAPIMInfo -InputObject $_ };
-                Arguments = $new_arg;
-			    Runspacepool = $O365Object.monkey_runspacePool;
-			    ReuseRunspacePool = $true;
-			    Debug = $O365Object.VerboseOptions.Debug;
-			    Verbose = $O365Object.VerboseOptions.Verbose;
-			    MaxQueue = $O365Object.nestedRunspaces.MaxQueue;
-			    BatchSleep = $O365Object.nestedRunspaces.BatchSleep;
-			    BatchSize = $O365Object.nestedRunspaces.BatchSize;
-		    }
-            $all_APIM = $APIM_objects | Invoke-MonkeyJob @p
-        }
+		if ($APIM_objects.Count -gt 0) {
+			$new_arg = @{
+				APIVersion = $APIMConfig.api_version;
+			}
+			$p = @{
+				ScriptBlock = { Get-MonkeyAzAPIMInfo -InputObject $_ };
+				Arguments = $new_arg;
+				Runspacepool = $O365Object.monkey_runspacePool;
+				ReuseRunspacePool = $true;
+				Debug = $O365Object.VerboseOptions.Debug;
+				Verbose = $O365Object.VerboseOptions.Verbose;
+				MaxQueue = $O365Object.nestedRunspaces.MaxQueue;
+				BatchSleep = $O365Object.nestedRunspaces.BatchSleep;
+				BatchSize = $O365Object.nestedRunspaces.BatchSize;
+			}
+			$all_APIM = $APIM_objects | Invoke-MonkeyJob @p
+		}
 	}
-	End {
+	end {
 		if ($all_APIM) {
 			$all_APIM.PSObject.TypeNames.Insert(0,'Monkey365.Azure.APIM')
 			[pscustomobject]$obj = @{
@@ -125,3 +129,4 @@ function Get-MonkeyAZAPIM {
 }
 
 
+

collectors/azure/alerts/securityalerts/Get-MonkeyAzSecurityAlert.ps1

@@ -56,16 +56,20 @@ function Get-MonkeyAzSecurityAlert {
 			Group = @(
 				"SecurityAlerts"
 			);
-			Tags = @{
-				"enabled" = $true
-			};
-			Docs = "https://silverhack.github.io/monkey365/";
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
 			ruleSuffixes = @(
 				"aad_security_alerts"
 			);
 			dependsOn = @(
 
 			);
+			enabled = $true;
+			supportClientCredential = $true
 		}
 		#Get Environment
 		$Environment = $O365Object.Environment
@@ -132,3 +136,4 @@ function Get-MonkeyAzSecurityAlert {
 
 
 
+

collectors/azure/appservices/Get-MonkeyAzAppServiceInfo.ps1

@@ -56,16 +56,20 @@ function Get-MonkeyAzAppServiceInfo {
 			Group = @(
 				"AppServices"
 			);
-			Tags = @{
-				"enabled" = $true
-			};
-			Docs = "https://silverhack.github.io/monkey365/";
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
 			ruleSuffixes = @(
 				"az_app_services"
 			);
 			dependsOn = @(
 
 			);
+			enabled = $true;
+			supportClientCredential = $true
 		}
 		#config
 		$config = $O365Object.internal_config.ResourceManager | Where-Object { $_.Name -eq "azureWebApps" } | Select-Object -ExpandProperty resource
@@ -85,21 +89,21 @@ function Get-MonkeyAzAppServiceInfo {
 		}
 		Write-Information @msg
 		if ($app_services.Count -gt 0) {
-            $new_arg = @{
+			$new_arg = @{
 				APIVersion = $config.api_version;
 			}
-            $p = @{
-			    ScriptBlock = { Get-MonkeyAzAppService -InputObject $_ };
-                Arguments = $new_arg;
-			    Runspacepool = $O365Object.monkey_runspacePool;
-			    ReuseRunspacePool = $true;
-			    Debug = $O365Object.VerboseOptions.Debug;
-			    Verbose = $O365Object.VerboseOptions.Verbose;
-			    MaxQueue = $O365Object.nestedRunspaces.MaxQueue;
-			    BatchSleep = $O365Object.nestedRunspaces.BatchSleep;
-			    BatchSize = $O365Object.nestedRunspaces.BatchSize;
-		    }
-            $all_apps = $app_services | Invoke-MonkeyJob @p
+			$p = @{
+				ScriptBlock = { Get-MonkeyAzAppService -InputObject $_ };
+				Arguments = $new_arg;
+				Runspacepool = $O365Object.monkey_runspacePool;
+				ReuseRunspacePool = $true;
+				Debug = $O365Object.VerboseOptions.Debug;
+				Verbose = $O365Object.VerboseOptions.Verbose;
+				MaxQueue = $O365Object.nestedRunspaces.MaxQueue;
+				BatchSleep = $O365Object.nestedRunspaces.BatchSleep;
+				BatchSize = $O365Object.nestedRunspaces.BatchSize;
+			}
+			$all_apps = $app_services | Invoke-MonkeyJob @p
 		}
 	}
 	end {
@@ -131,3 +135,4 @@ function Get-MonkeyAzAppServiceInfo {
 
 
 
+

collectors/azure/botchannels/Get-MonkeyAzBotChannel.ps1

@@ -62,16 +62,20 @@ function Get-MonkeyAzBotChannel {
 			Group = @(
 				"BotChannels"
 			);
-			Tags = @{
-				"enabled" = $true
-			};
-			Docs = "https://silverhack.github.io/monkey365/";
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
 			ruleSuffixes = @(
 				"az_bots"
 			);
 			dependsOn = @(
 
 			);
+			enabled = $true;
+			supportClientCredential = $true
 		}
 		#Import Localized data
 		$LocalizedDataParams = $O365Object.LocalizedDataParams
@@ -133,3 +137,4 @@ function Get-MonkeyAzBotChannel {
 
 
 
+

collectors/azure/classicvm/virtualmachines/Get-MonkeyAzClassicDisk.ps1

@@ -36,7 +36,7 @@ function Get-MonkeyAzClassicDisk {
         .LINK
             https://github.com/silverhack/monkey365
     #>
-	[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessForStateChangingFunctions", "", Scope="Function")]
+	[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessForStateChangingFunctions","",Scope = "Function")]
 	[CmdletBinding()]
 	param(
 		[Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")]
@@ -56,16 +56,20 @@ function Get-MonkeyAzClassicDisk {
 			Group = @(
 				"VirtualMachines"
 			);
-			Tags = @{
-				"enabled" = $true
-			};
-			Docs = "https://silverhack.github.io/monkey365/";
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
 			ruleSuffixes = @(
 				"az_classic_disks"
 			);
 			dependsOn = @(
 
 			);
+			enabled = $true;
+			supportClientCredential = $true
 		}
 		#Import Localized data
 		$LocalizedDataParams = $O365Object.LocalizedDataParams
@@ -126,3 +130,4 @@ function Get-MonkeyAzClassicDisk {
 
 
 
+