ScubaGear is an assessment tool designed to verify the configuration of Microsoft 365 (M365) tenants against the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents. The tool operates in three main steps: 1. It uses PowerShell to query M365 APIs for various configuration settings. 2. It employs Open Policy Agent (OPA) to compare these settings against Rego security policies based on the baseline documents. 3. It generates reports in HTML, JSON, and CSV formats to present the results of the comparison. ScubaGear is primarily intended for M365 administrators who want to assess their tenant environments against CISA Secure Configuration Baselines. It can be installed from PSGallery and requires certain dependencies and permissions to function correctly. The tool supports assessment of multiple M365 products and can be run with specific parameters or using a configuration file. It also includes features for troubleshooting common issues related to multiple tenants, Defender, Exchange Online, Power Platform, Microsoft Graph, and proxy configurations.
FEATURES
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
ALTERNATIVES
Azucar is a multi-threaded plugin-based tool for assessing Azure Cloud security.
Implements a cloud version of the Shadow Copy attack against domain controllers in AWS, allowing theft of domain user hashes.
A framework to analyze container images and gather useful information.
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices with a focus on Identity and Access Management.
A tool to find S3 buckets from HTML, JS, and bucket misconfiguration testing
A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.