nccgroup / azucar Goto Github PK

Is Excel required to generate the Excel formatted output? Office is something not typically installed into an Azure AD environment.

Is there an accepted process to run this from a workstation remotely that would have the necessary prerequisites installed?

Here are examples of the command switches used with no effect:

PS C:\azucar-master> .\Azucar.ps1 -ExportTo EXCEL,CSV,XML,JSON -Verbose -Instance AzureCloud -Analysis ALL
PS C:\azucar-master> .\Azucar.ps1 -ExportTo EXCEL -Verbose -Instance AzureCloud -Analysis ALL
PS C:\azucar-master> .\Azucar.ps1 -ExportTo EXCEL -Verbose -Analysis ALL
PS C:\azucar-master> .\Azucar.ps1 -ExportTo EXCEL -Verbose
Please find attached a image of the errors

We did collect data in the CSV Report, JSON Report, and XML Reports for Active directory and security. Is there any way to convert these source files into the Excel output running one of the other subordinate PS scripts within azucar?

Many Thanks in Advance for your time and effort!
-Bob

I'm seeing a lot of 400 Bad Request errors, is this expected? Any pointers how to debug?

I can not seem to get Storage accounts to have anything in the excel. We are not using classic storage accounts That does error.

DEBUG: [11:13:51:211] [Get-AzSecRMObject] - Get request for object type 'storageAccounts' succeeded.
DEBUG: [11:13:51:212] [Get-AzSecAADLinkedObject] - Get request for object type 'Azure Archive Storage Admins' succeeded.
WARNING: [11:13:51:215] [Get-AzStorageAccounts] - The 'Storage Accounts' query didn't return any data in 'Storage Accounts' tenant

It seems that it fails to login when one is attempting to provide credentials with MFA.
The module doesn't request the code which generates the following code:
[Exception][Authorize-Tenant][407]:Exception calling "GetResult" with "0" argument(s): "Failed to acquire token silently as no token was found in the cache. Call method AcquireToken"

For the asset "Azure Active Directory", I observed that when I run the command .\Azucar.ps1 -ExportTo CSV -Verbose -Instance AzureCloud -Analysis All and open the CSV report with the name "DirectoryRoles", the number of members for each directory role provided by the last column titled "Members" shows incorrect number of members as one more than the actual number of members. This holds true only if the number of members of a directory role is non-zero.

I was able to get the JSON and XML reports. However, not the EXCEL and CSV report. How can we generate the report as shown in the sample report .

I used the -ExportTo CSV,JSON,XML,EXCEL command to export into respective formats. However, EXCEL report format folder is always empty.

Currently there is an issue with the name of AzureUSGovernment instance which makes government cloud not working, please replace "Government" with "AzureUSGovernment" in the endpoints.ps1 since this will fix the issue. Thanks, awesome work!

Hoping to be able to run this on Powershell for Mac. Getting this error, is IE really required or can this be tweaked to support Mac?

Get-ItemProperty : Cannot find drive. A drive with the name 'HKLM' does not exist.
At ~/azucar/Azucar.ps1:274 char:69

• ... gumentList (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explo ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

• CategoryInfo : ObjectNotFound: (HKLM:String) [Get-ItemProperty], DriveNotFoundException
• FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

New-Object : Exception calling ".ctor" with "4" argument(s): "Version's parameters must be greater than or equal to zero.
Parameter name: build"
At ~/azucar/Azucar.ps1:275 char:18

• $ieVersion = New-Object -TypeName System.Version -ArgumentList (
  

•              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

• CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
• FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

[Exception][Main][286]:Internet Explorer 11 or later required. Current IE version is '0.0'.

I was able to get the CSV, JSON and XML reports. However, not the EXCEL report. How can we generate the report as shown in the sample report .

I used the -ExportTo CSV,JSON,XML,EXCEL command to export into respective formats. However, EXCEL report format folder is always empty.

I'm trying to use Azucar to retrieve information about only Azure Active Directory. The account I'm using doesn't have access to any subscriptions.

My command and output:

PS C:\SomeDirectory> .\Azucar.ps1 -TenantID <redacted> -ForceAuth -ExportTo CSV,JSON,XML,EXCEL -Analysis ActiveDirectory
https://management.azure.com/subscriptions?api-version=2016-06-01
[Exception][Main][661]:Unable to retrieve resource groups....

I'm guessing the code doesn't account for the possibility of not having any subscriptions, even though I specify to only check Azure AD.

First of all thanks for putting this code. I am trying for this kind of Audits on Azure resources. One questions is, how can I make use of this data. Lets, say in classic endpoints data audit, I need to call out Remote Desktop endpoint as non-compliant. Your code is almost pulling all the data but is not saying if the resource is compliant or not. How can I achieve this?

It would be really really helpful if there was a Docker image (or Vagrant box) that we could build to run Azucar.

My colleagues and I mostly run Macs, and currently Azucar only supports windows.

I am trying to run the tool in all my subscriptions. But, It is asking to choose specific subscription. Could you please help me, how can I run the tool on all subscriptions? Any plugins? Any suggestions?

Hi

I am receiving the following error when trying to generate output:

JSON Task: Generating JSON report for data retrieved from 'xxxX-XXXX-XXXX-XXX' [Exception][Generate-Json][84]:System.Management.Automation.ParameterBindingArgumentTransformationException: Cannot proc ess argument transformation on parameter 'DirectoryName'. Cannot convert value to type System.String. ---> System.Manage ment.Automation.ArgumentTransformationMetadataException: Cannot convert value to type System.String. ---> System.Managem ent.Automation.PSInvalidCastException: Cannot convert value to type System.String. en System.Management.Automation.ArgumentTypeConverterAttribute.Transform(EngineIntrinsics engineIntrinsics, Object in putData, Boolean bindingParameters, Boolean bindingScriptCmdlet) --- Fin del seguimiento de la pila de la excepción interna --- en System.Management.Automation.ArgumentTypeConverterAttribute.Transform(EngineIntrinsics engineIntrinsics, Object in putData, Boolean bindingParameters, Boolean bindingScriptCmdlet) en System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommand Parameter parameterMetadata, ParameterBindingFlags flags) --- Fin del seguimiento de la pila de la excepción interna --- en System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exc eption) en lambda_method(Closure , Object[] , StrongBox1[] , InterpretedFrame )
`

Hi,

I came up with the following error:

By Calling: .\azucar.ps1

Exception calling "LoadFrom" with "1" argument(s): "Could not load file or assembly 'file:///C:\azucar-master\Libs\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll' or one of its dependencies. Operation is not supported.

Hi, I am having issue in Azure Network Security Rules section. Although I have configured my NSG but it's not properly showing up in report. SourceAddressPrefix is completely empty/blank whereas there are IPs in source address in Azure portal.

please help.

While running azucar script, only 50 VMs data getting pulled to CSV from Azure environments. Not so sure it is a problem with pagination or importing to CSV. Only first 50 getting enlisted in CSV and then to xlsx.

I get the following errors ... When I execute the script with -ExportTo CSV,JSON,XML,EXCEL
Generate-CSV : Cannot process argument transformation on parameter 'TenantID'. Cannot convert value to type
System.String.
At C:\Temp\azucar-master\Azucar.ps1:157 char:79

• ... nerate-CSV -ObjectData $Dataset -RootPath $Report -TenantID $TenantID

•                                                             ~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Generate-CSV], ParameterBindingArgumentTransformationException
  • FullyQualifiedErrorId : ParameterArgumentTransformationError,Generate-CSV

Generate-Json : Cannot process argument transformation on parameter 'TenantID'. Cannot convert value to type
System.String.
At C:\Temp\azucar-master\Azucar.ps1:161 char:80

• ... erate-Json -ObjectData $Dataset -RootPath $Report -TenantID $TenantID

•                                                             ~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Generate-Json], ParameterBindingArgumentTransformationException
  • FullyQualifiedErrorId : ParameterArgumentTransformationError,Generate-Json

Generate-XML : Cannot process argument transformation on parameter 'TenantID'. Cannot convert value to type
System.String.
At C:\Temp\azucar-master\Azucar.ps1:165 char:79

• ... nerate-XML -ObjectData $Dataset -RootPath $Report -TenantID $TenantID

•                                                             ~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Generate-XML], ParameterBindingArgumentTransformationException
  • FullyQualifiedErrorId : ParameterArgumentTransformationError,Generate-XML

Generate-Excel : Cannot process argument transformation on parameter 'TenantID'. Cannot convert value to type
System.String.
At C:\Temp\azucar-master\Azucar.ps1:170 char:115

• ... tting -HeaderStyle $HeaderStyle -RootPath $Report -TenantID $TenantID

•                                                             ~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Generate-Excel], ParameterBindingArgumentTransformationException
  • FullyQualifiedErrorId : ParameterArgumentTransformationError,Generate-Excel

I tried installed powershell on my MAC using this doc.
https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell-core-on-macos?view=powershell-6

Getting this error when I try to run the Azucar.ps1

/git/azucar> ./Azucar.ps1
Get-ItemProperty : Cannot find drive. A drive with the name 'HKLM' does not exist.
At /Users/shivankarmadaan/git/azucar/Azucar.ps1:274 char:69
+ ... gumentList (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explo ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (HKLM:String) [Get-ItemProperty], DriveNotFoundException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand

New-Object : Exception calling ".ctor" with "4" argument(s): "Version's parameters must be greater than or equal to zero.
Parameter name: build"
At /Users/shivankarmadaan/git/azucar/Azucar.ps1:275 char:18
+     $ieVersion = New-Object -TypeName System.Version -ArgumentList (
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

[Exception][Main][286]:Internet Explorer 11 or later required. Current IE version is '0.0'.

Any idea where I'm wrong.

Hi, How can I select the specific Resource group or Subscription. It seems that audit run on entire tenant.

Thanks in advance.

Authentication is successful, I got list of subscription to choose from, after I select couple of subscription, I got following error.

.\Azucar.ps1 -ExportTo CSV,JSON,XML,EXCEL -ForceAuth
https://management.azure.com/subscriptions?api-version=2016-06-01
Get-AzADALAuthenticationContext : Cannot process argument transformation on parameter 'TenantID'. Cannot convert value to type System.String.
At C:\Users\a507246\ADO_repo\azucar-master\core\api\auth\azureauth.ps1:500 char:104

• ... ionContext -Login $Environment.Login -TenantID $Subscription.TenantID

•                                                ~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Get-AzADALAuthenticationContext], ParameterBindingArgumentTransformationException
  • FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-AzADALAuthenticationContext

With .\Azucar.ps1 -ExportTo CSV, it is taking default credentials. How can I run this against another tenant?