GithubHelp home page GithubHelp logo

turbot / steampipe-mod-microsoft365-compliance Goto Github PK

View Code? Open in Web Editor NEW
18.0 10.0 4.0 6.07 MB

Run individual controls or full compliance benchmarks for CIS across all of your Microsoft 365 and Office 365 tenants using Powerpipe and Steampipe.

Home Page: https://hub.powerpipe.io/mods/turbot/microsoft365_compliance

License: Apache License 2.0

HCL 100.00%
azuread cis cis-benchmark compliance office365 security steampipe steampipe-mod hacktoberfest microsoft365

steampipe-mod-microsoft365-compliance's Introduction

Microsoft 365 Compliance Mod for Powerpipe

Important

Powerpipe is now the preferred way to run this mod! Migrating from Steampipe →

All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.

20+ checks covering industry defined security best practices for Microsoft 365. Includes full support for CIS v1.4,CIS v1.5,CIS v2.0 and CIS v3.0.0 compliance benchmarks across all of your Microsoft 365 tenants.

Includes full support for the CIS v3.0.0 Microsoft 365 benchmarks.

Run checks in a dashboard: image

Or in a terminal: image

Documentation

Getting Started

Installation

Install Powerpipe (https://powerpipe.io/downloads), or use Brew:

brew install turbot/tap/powerpipe

This mod also requires Steampipe with the Microsoft 365 plugin and Azuread plugin as the data source. Install Steampipe (https://steampipe.io/downloads), or use Brew:

brew install turbot/tap/steampipe
steampipe plugin install microsoft365
steampipe plugin install azuread

Steampipe will automatically use your default Microsoft 365 and Azuread credentials. Optionally, you can setup multiple tenants for Azuread or customize Azure AD credentials or customize Microsoft 365 credentials.

Finally, install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-office365-compliance

Browsing Dashboards

Start Steampipe as the data source:

steampipe service start

Start the dashboard server:

powerpipe server

Browse and view your dashboards at http://localhost:9033.

Running Checks in Your Terminal

Instead of running benchmarks in a dashboard, you can also run them within your terminal with the powerpipe benchmark command:

List available benchmarks:

powerpipe benchmark list

Run a benchmark:

powerpipe benchmark run microsoft365_compliance.benchmark.cis_v300_1_1

Different output formats are also available, for more information please see Output Formats.

Common and Tag Dimensions

The benchmark queries use common properties (like connection_name and tenant_id) and tags that are defined in the form of a default list of strings in the variables.sp file. These properties can be overwritten in several ways:

It's easiest to setup your vars file, starting with the sample:

cp steampipe.spvars.example steampipe.spvars
vi steampipe.spvars

Alternatively you can pass variables on the command line:

powerpipe benchmark run microsoft365_compliance.benchmark.cis_v300_1_1 --var 'common_dimensions=["connection_name", "tenant_id"]'

Or through environment variables:

export PP_VAR_common_dimensions='["connection_name", "tenant_id"]'
export PP_VAR_tag_dimensions='["Department", "Environment"]'
powerpipe benchmark run microsoft365_compliance.benchmark.cis_v300_1_1

Open Source & Contributing

This repository is published under the Apache 2.0 license. Please see our code of conduct. We look forward to collaborating with you!

Steampipe and Powerpipe are products produced from this open source software, exclusively by Turbot HQ, Inc. They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.

Get Involved

Join #powerpipe on Slack →

Want to help but don't know where to start? Pick up one of the help wanted issues:

steampipe-mod-microsoft365-compliance's People

Contributors

andrew-bennett avatar cbruno10 avatar khushboo9024 avatar madhushreeray30 avatar misraved avatar priyanka-chatterjee-2000 avatar rajlearner17 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

andrew-bennett atindermann codeswallow danielmiu

steampipe-mod-microsoft365-compliance's Issues

Extend M365 CIS Benchmark v3 Chapter 6,7,8 and 9.

Is your feature request related to a problem? Please describe.
The steampipe project works very well, but I wish the CIS benchmark for M365 also covered chapters 6 to 9.

Describe the solution you'd like
It would be very helpful to integrate the following modules into steampipe as well:

6 Exchange admin center
7 SharePoint admin center
8 Microsoft Teams admin center
9 Microsoft Fabric

Add CIS Microsoft 365 Foundations Benchmark v1.5.0 - (08-31-2022)

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Controls should reference their query using `query =` rather than `sql =`

It's simpler in code and readability to reference queries using the query = attribute rather than the sql = attribute.

This occurs throughout the mod, but as a specific example:

steampipe-mod-microsoft365-compliance/cis_v140/section_1.sp

Lines 50 to 63 in a9cfb6f

control "cis_v140_1_1_1" {
title = "1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles"
description = "Enable multifactor authentication for all users who are members of administrative roles in the Microsoft 365 tenant."
sql = query.azuread_admin_user_mfa_enabled.sql
documentation = file("./cis_v140/docs/cis_v140_1_1_1.md")
tags = merge(local.cis_v140_1_1_common_tags, {
cis_item_id = "1.1.1"
cis_level = "1"
cis_type = "automated"
microsoft_365_license = "E3"
service = "Azure/ActiveDirectory"
})
}

Could be changed from:

sql           = query.azuread_admin_user_mfa_enabled.sql

to:

query         = query.azuread_admin_user_mfa_enabled

Add support for CIS Microsoft 365 Foundations Benchmark v3.0.0 - [09-29-2023]

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Add CIS Microsoft 365 Foundations Benchmark v2.0.0 - (03-31-2023)

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

CIS Reference

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Add common dimensions across compliance queries and migrate queries to service.sp files

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Extend M365 CIS Benchmark v3 Chapter 6,7,8 and 9.

Is your feature request related to a problem? Please describe.
The steampipe project works very well, but I wish the CIS benchmark for M365 also covered chapters 6 to 9.

Describe the solution you'd like
It would be very helpful to integrate the following modules into steampipe as well:

6 Exchange admin center
7 SharePoint admin center
8 Microsoft Teams admin center
9 Microsoft Fabric

[ Wait ] Loading Workspace Error: failed to load workspace: runtime error: invalid memory address or nil pointer dereference

[ Wait ] Loading Workspace
Error: failed to load workspace: runtime error: invalid memory address or nil pointer dereference

Steampipe version (steampipe -v)
v0.18.6

Plugin version (steampipe plugin list)
+-----------------------------------------------------+---------+--------------+
| Installed Plugin | Version | Connections |
+-----------------------------------------------------+---------+--------------+
| hub.steampipe.io/plugins/turbot/aws@latest | 0.123.0 | aws |
| hub.steampipe.io/plugins/turbot/azure@latest | 0.51.0 | azure |
| hub.steampipe.io/plugins/turbot/azuread@latest | 0.14.0 | azuread |
| hub.steampipe.io/plugins/turbot/microsoft365@latest | 0.4.1 | microsoft365 |
| hub.steampipe.io/plugins/turbot/openai@latest | local | |
| hub.steampipe.io/plugins/turbot/steampipe@latest | 0.9.1 | steampipe |
+-----------------------------------------------------+---------+--------------

To reproduce
Steps to reproduce the behavior (please include relevant code and/or commands).
Just runned command
steampipe dashboard

Update mod.sp to address deprecation warning

Describe the bug
The current version of the mod returns a warning due to using the deprecated option version instead of min_version for the azuread and microsoft365plugin.

This issue can be trivially resolved by updating

  require {
    plugin "azuread" {
      version = "0.10.0"
    }
    plugin "microsoft365" {
      version = "0.0.1"
    }
  }

to

  require {
    plugin "azuread" {
      min_version = "0.10.0"
    }
    plugin "microsoft365" {
      min_version = "0.0.1"
    }
  }

**Steampipe version (`steampipe -v`)**
Example: v0.3.0

**Plugin version (`steampipe plugin list`)**
Example: v0.5.0

**To reproduce**
Steps to reproduce the behavior (please include relevant code and/or commands).

**Expected behavior**
A clear and concise description of what you expected to happen.

**Additional context**
Add any other context about the problem here.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.