
Releases: silverhack/monkey365

Monkey365 v0.94-beta

08 Jan 21:21

What's Changed

  • The following rulesets were removed from the codebase:
    • CIS for Microsoft 365 1.4
    • CIS for Microsoft 365 1.5
    • CIS for Azure 1.4
    • CIS for Azure 1.5
    • CIS for Azure 2.0
  • Improved documentation and examples (https://silverhack.github.io/monkey365/)

What's New

  • All CIS recommendations/controls were included:
    • 151 rules were added for Azure
    • 97 rules were added for Entra ID
    • 126 rules were added for Microsoft 365 services
  • Support for both Azure and Microsoft 365 CIS benchmark v3.0

Fixes

  • Purview Scan Error #130
  • Get-MonkeyCompliance is not recognized as a name of a cmdlet, function, script file #128
  • CIS benchmark output has missing checks #131

Upcoming breaking changes

  • Update to latest CIS Benchmarks #122
  • Redesign HTML output #114
  • Move all rules and rulesets to its own repo #133

Full Changelog: v0.91.3-beta...v0.94-beta

Monkey365 v0.93-beta

13 Nov 12:42

Breaking Changes

  • Analysis flag was renamed to Collect #123
  • Duplicate functions were removed from core #113
  • To follow best practices, internal warnings from PsScriptAnalyzer were fixed #113

New features

  • The -ListCollector flag lets you list the available collectors for both Azure and Microsoft 365. Try it now with the following examples:

Invoke-Monkey365 -ListCollector

If you want to filter for specific services:

Invoke-Monkey365 -Instance Azure -Collect Databases,KeyVault,VirtualMachines,StorageAccounts -ListCollector


Azure

  • CIS Benchmark for Azure 3.0 is included. #122

Microsoft 365

  • CIS Benchmark for Microsoft 365 3.0 is included. #122

Full Changelog: v0.92-alpha...v0.93-beta

Monkey365 v0.92-alpha

10 Sep 11:42

What's Changed

  • The JSON output was replaced by JSON OCSF v1.1.0 #76
  • The CLIXML output was updated to OCSF v1.1.0 #76
  • The CSV option was updated and now exports pass/fail compliance results to a CSV file #76
  • The PRINT option is no longer supported and was removed

JSON example format

{
  "metadata": {
    "eventCode": "aad_sbd_enabled",
    "product": {
      "name": "Monkey365",
      "vendorName": "Monkey365",
      "version": "0.98"
    },
    "version": "1.1.0"
  },
  "severityId": 0,
  "severity": "Unknown",
  "status": "New",
  "statusCode": "pass",
  "statusDetail": null,
  "statusId": 1,
  "unmapped": {
    "provider": "EntraID",
    "pluginId": "aad0024",
    "apiType": "EntraIDPortal",
    "resource": "EntraIDPortal"
  },
  "activityName": "Create",
  "activityId": 1,
  "findingInfo": {
    "createdTime": "2024-08-21T11:47:48Z",
    "description": "Security defaults in Microsoft Entra ID (Azure Active Directory) make it easier to be secure and help protect your organization. Security defaults contain preconfigured security settings for common attacks.Microsoft is making security defaults available to everyone. The goal is to ensure that all organizations have a basic level of security-enabled at no extra cost. The use of security defaults however will prohibit custom settings which are being set with more advanced settings.",
    "productId": "Monkey365",
    "title": "Ensure Security Defaults is disabled on Microsoft Entra ID",
    "id": "Monkey365-aad-sbd-enabled-a4807c0361194a9a9da91e02458bd3ff-zxuQ2OfB3Ag"
  },
  "resources": {
    "cloudPartition": "6",
    "region": null,
    "data": null,
    "group": {
      "name": "General"
    },
    "labels": null,
    "name": null,
    "type": null,
    "id": null
  },
  "categoryName": "Findings",
  "categoryId": 2,
  "className": "Detection",
  "classId": 2004,
  "cloud": {
    "account": {
      "name": "Contoso",
      "type": "AzureADAccount",
      "typeId": "6",
      "id": "a4807c03-6119-4a9a-9da9-1e02458bd3ff"
    },
    "organization": {
      "name": "Contoso",
      "id": "a4807c03-6119-4a9a-9da9-1e02458bd3ff"
    },
    "provider": "Microsoft365",
    "region": "global"
  },
  "time": "2024-08-21T11:47:48Z",
  "remediation": {
    "description": "From Azure Console1. Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.2. Browse to Microsoft Entra ID  Properties.3. Select Manage security defaults.4. Set the Enable security defaults toggle to No.5. Select Save.",
    "references": [
      "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions",
      "http://www.rebeladmin.com/2019/04/step-step-guide-restrict-azure-ad-administration-portal/",
      "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",
      "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414"
    ]
  },
  "typeId": 200401,
  "typeName": "Create"
}
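
The following triage sketch is an added example, not code from the Monkey365 project. It reads records shaped like the JSON above and lists every finding whose statusCode is not "pass". The function name Get-FailedFinding, the second sample record, its "fail" and "High" values, and the assumption that an export is a JSON array of such records are all illustrative.

```powershell
# Constructed sample: two records trimmed to fields shown in the example above.
# The second record (rule code, "fail", "High") is invented for illustration.
$sampleJson = @'
[
  { "metadata": { "eventCode": "aad_sbd_enabled", "version": "1.1.0" },
    "severity": "Unknown", "statusCode": "pass",
    "unmapped": { "provider": "EntraID", "pluginId": "aad0024" },
    "findingInfo": { "title": "Ensure Security Defaults is disabled on Microsoft Entra ID" },
    "cloud": { "account": { "name": "Contoso" } } },
  { "metadata": { "eventCode": "example_rule_code", "version": "1.1.0" },
    "severity": "High", "statusCode": "fail",
    "unmapped": { "provider": "Azure", "pluginId": "example0001" },
    "findingInfo": { "title": "Constructed failing finding" },
    "cloud": { "account": { "name": "Contoso" } } }
]
'@

function Get-FailedFinding {
    param(
        [Parameter(Mandatory)] [string] $Json,
        # OCSF version the field names below were taken from (metadata.version).
        [string] $ExpectedSchema = '1.1.0'
    )
    $findings = ConvertFrom-Json -InputObject $Json
    foreach ($f in $findings) {
        # Do not silently parse a different schema: field names may have moved.
        if ($f.metadata.version -ne $ExpectedSchema) {
            Write-Warning "Skipping $($f.metadata.eventCode): schema $($f.metadata.version)"
            continue
        }
        # Treat anything other than an explicit "pass" as needing review,
        # so an unexpected or missing status is never counted as compliant.
        if ($f.statusCode -ne 'pass') {
            [pscustomobject]@{
                Tenant   = $f.cloud.account.name
                Provider = $f.unmapped.provider
                Rule     = $f.metadata.eventCode
                Severity = $f.severity
                Title    = $f.findingInfo.title
            }
        }
    }
}

# Lists only the constructed failing record.
Get-FailedFinding -Json $sampleJson | Sort-Object Provider, Rule | Format-Table -AutoSize
```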

Full Changelog: v0.91.3-beta...v0.92-alpha

Monkey365 v0.91.4-beta

09 Aug 14:01

What's Changed

  • Multiple strongly typed objects were created to store internal data
  • Internal module monkeymsalauthassistant was removed as it's not necessary anymore
  • Support for Excel was removed

Fixes

  • SharePoint Online connecting error was fixed in #107

Upcoming breaking changes

  • The JSON output will be replaced by JSON OCSF v1.1.0
  • The CSV RAW output will be standardised and a new format will replace the raw output. More information #76
  • The CLIXML and PRINT options will be removed soon

Full Changelog: v0.91.3-beta...v0.91.4-beta

Monkey365 v0.91.3-beta

10 Jun 17:07

What's Changed

  • Minor update in the ruleset engine. A metadata object with information about collector name, API type, etc. was added to every single rule
  • Internal functions for SharePoint Online were completely rewritten to add pipeline support
  • Monkey365 is now using strongly typed objects to store internal data
  • A number of Azure and Microsoft 365 rules were updated

What's New

  • New rules for Azure and Microsoft 365 were included
  • Support for both Azure and Microsoft 365 CIS benchmark v2.0

Fixes

  • Import-Module error was fixed in #87
  • Unified AuditLog collector was routed to correct Endpoint in #89
  • Fix for duplicate entries in Analysis in #93
  • Fix exception when Analysis and IncludeEntraId parameters are not provided in #98

Upcoming breaking changes

  • The JSON output will be replaced by JSON OCSF v1.1.0
  • The CSV RAW output will be standardised and a new format will replace the raw output. More information #76
  • The Excel and CLIXML options will be removed soon

Full Changelog: v0.91.2-beta...v0.91.3-beta

Monkey365 v0.91.2-beta

22 Dec 17:31

Important changes

  • Monkeyruleset PowerShell module was completely rewritten to add support for complex queries
  • Major update in the plugin engine. It is now possible to exclude plugins from being executed
  • Plugins were renamed to Collectors
  • Properties within JSON rules and rulesets were renamed and rule logic was completely rewritten. If you have your own set of rules, these should be adapted. Please, check the documentation here
  • Microsoft MSAL (Microsoft Authentication library) binaries were updated to latest compatible version
  • Internal MSAL PowerShell module was completely rewritten [#77]
  • Azure AD was renamed to Microsoft Entra ID (I really hate that xP)
  • Now you can compress all output data with the -Compress flag. Please, check the documentation here

What's Changed

  • Security & Compliance RPS modules were migrated to REST-based module in #59
  • Fix authentication logic when a Non-Valid TenantId is passed in #72 and #70
  • Fix authentication logic in Exchange Online under GCCHigh environments in [#75]
  • Fix Json attributes in #69
  • Updated RBAC roles in #68
  • BinaryFormatter was removed in #79
  • Fix for multiple 404 errors when querying for Azure Diagnostic Settings in #73
  • Fix typo errors
  • Improved documentation and examples (https://silverhack.github.io/monkey365/)

Full Changelog: v0.91.1-beta...v0.91.2-beta

Monkey365 v0.91.1-beta

07 Sep 18:22

What's Changed

Fix import issue when a folder contains a special name
Fix typo errors

Special thanks

Special thanks to nickchristie who discovered this issue.

Full Changelog: v0.91-beta...v0.91.1-beta

Monkey365 v0.91-beta

16 Aug 17:21

What's Changed

  • Support for both Azure and Microsoft 365 CIS benchmark v1.5.0
  • Migrated from old Azure AD graph api to Microsoft Graph
  • Migrated from Security & Compliance RPS to Rest API
  • Improved documentation and examples (https://silverhack.github.io/monkey365/)
  • Major update in the web request module
  • Fix authentication issues with DeviceCode
  • Fix authentication issue with SharePoint Online
  • Fix typo errors

Full Changelog: v0.85-beta...v0.91-beta

Monkey365 0.85-beta

25 May 20:16

What's Changed

Migrated from old Azure AD graph api to Microsoft Graph
Migrated from Exchange Online RPS to Rest API
PowerShell background job module was completely rewritten
Improved documentation and examples (https://silverhack.github.io/monkey365/)
Major update in the plugin engine. It is now possible to exclude plugins from being executed
The IncludedAzureActiveDirectory parameter was renamed to IncludeAzureAD
Rename Office365 with Microsoft365
Fix authentication logic
Fix rule logic in monkeyruleset module.
Fix typo errors

Full Changelog: v0.7-beta...v0.85-beta

v0.7-beta

03 Oct 07:52

What's Changed

  • Rename of Azure Security Center to Defender for Cloud by @f-bader in #11
  • Improved documentation and examples (https://silverhack.github.io/monkey365/)
  • Major update in the plugin engine. It is now possible to exclude plugins from being executed
  • The ExcludedResources dynamic parameter was added to the main module to allow excluding resources that are not managed by the company
  • Rename Office365 with Microsoft365
  • Fix authentication logic when no tenant is selected
  • Fix capital letters in HTML report.
  • Add support for non indexed disks
  • Fix subscription option and typo errors

New Contributors

Special thanks

Special thanks to:
@hardinxcore
@digitalarche
@FrankSchuurman68

Full Changelog: https://github.com/silverhack/monkey365/commits/v0.7-beta