Attack Surface Analyzer helps you analyze your OS's security configuration (github.com/microsoft)
119 points by Tomte on June 22, 2021 | 16 comments


It's notable that if you run this tool on a computer that has OneDrive set up, it will start downloading cloud-hosted OneDrive files during the filesystem scan phase.


"OS" is not specified. Page mentions "COM objects" which suggests OS is Windows.


“Attack Surface Analyzer (ASA) is a Microsoft-developed Security tool that analyzes the attack surface of a Windows, Linux or MacOS system and reports on system changes that may have potential security implications that are introduced by the installation of software or by system misconfiguration.”

https://github.com/Microsoft/AttackSurfaceAnalyzer/wiki


https://github.com/microsoft/AttackSurfaceAnalyzer/releases/...

ASA_linux_2.3.146-beta.zip

ASA_macos_2.3.146-beta.zip

ASA_netcoreapp_2.3.146-beta.zip

ASA_win_2.3.146-beta.zip


Will this alert you if your OS is phoning home with telemetry? /s


if it alerts/blocks apps from phoning home....


To use the "Attack Surface Analyzer", you need to install software that significantly alters your attack surface.


Definitely beta.

I installed using dotnet tool install -g --version 2.3.141-beta-g9aa8b4e9b5 Microsoft.CST.AttackSurfaceAnalyzer.CLI

None of the CSS components load when launched with asa gui.

This one needs to bake a few more months.


It's many many years old.

edit: Oh, so this is a new, open version of the 2012 system. So perhaps not.


So this is like Microsoft's take on OpenSCAP but targeted at Windows?


How does this compare to security baselines with say inspec?


I've not used inspec but since I intercept a lot of security related concerns/complaints from my client base, I decided to try this out with my company's product.

Honestly, I'm not impressed, as it's just a straight-up diff of some collected metrics from different snapshots with no real context or even mapping of events it diffs to the application/user/process responsible, and the discoverability of what actually changed isn't great.

The reports simply show as HTML text lists (all in red strangely, which I don't like), and unless I'm mistaken, there's no interactivity with them. I suppose it's a nice before and after, but it feels very limited in the information it offers, and I honestly don't like the UI presentation at all. Similarly, the documentation references UI elements that don't exist (for example, it mentions a Results item on the main menu that is not present, and I believe they mean Analyze).

Edit: added to last paragraph since I hit submit too soon.


Interesting, anything you would recommend then?


Recommend for OS diffing, or OS config vuln scanning?

Former, no idea, the latter is fine with any major COTS product that does vuln scanning (Nessus/Rapid7/whatever) they're all pretty decent for doing an authenticated scan of a host's local config.


I was hoping there would be some interesting new development, but I guess nothing really changed huh? Dell enterprise security will print out a big Nessus report for a lot of money for a normal audit.


Have you tried cis-cat? I think it was designed explicitly for that, to scan for local OS vulnerabilities.



