How EtcSec audits identity across Active Directory and Microsoft Entra ID: 498 detectors, MITRE ATT&CK mapping, ANSSI / NIS2 / HDS compliance and a continuous remediation workflow.
Run our lightweight Docker collector on your network. It connects securely to your identity provider via LDAP (AD), Graph API (Azure), or Admin SDK (Google Workspace).
Connect to your collector from our web interface. The audit engine analyzes named detections for Active Directory and Entra ID with live progress tracking.
Receive a prioritized list of vulnerabilities with remediation scripts and compliance mapping. Export as PDF for stakeholders or JSON for integration.
The collector runs on your infrastructure — you control the deployment. In standalone mode, all data stays local. In SaaS mode, data is securely transmitted to the dashboard for analysis.
498 unique detectors across Active Directory and Microsoft Entra ID
On-premises identity
Microsoft cloud identity
Aligned with industry frameworks
Everything you need to walk into a GRC or security meeting with real numbers — not a 60-page PDF nobody will read.
Weighted against 498 detectors — higher is safer. Track drift after every audit.
Every weakness, sorted by severity and exploitability, with affected users / computers / groups.
Each finding tagged with the attacker tactic and technique so you can brief SOC or red team in plain language.
Copy-ready PowerShell and Graph snippets. Close the low-hanging fixes before the meeting ends.
One-click export for audit files, compliance reviews or board readouts — no watermark.
ANSSI, NIS2, HDS, ISO 27001 mappings on every finding so your audit files fill themselves.
A systematic review of your Active Directory or Entra ID tenant against known misconfigurations, privileged-access weaknesses, password policies, Kerberos attacks, ADCS issues and lateral-movement paths. EtcSec runs 498 checks across both directories in under 5 minutes.
Continuously. The threat surface shifts with every new user, group, GPO or permission change. Most teams run a full audit weekly and a lightweight scan daily. EtcSec Premium automates the schedule.
No. A pentest validates exploitability against a human attacker; an audit catches misconfigurations before they become the pentester's opening move. Use both — EtcSec feeds the pentest scope.
Yes. Every finding is mapped to ANSSI PA-099 (v1.0, 2023), BP-039 and the ANSSI Hygiene Guide, plus NIS2, HDS, RGPD, CIS v8, NIST 800-53 and DISA STIG. You can export PDFs structured by framework.
It runs read-only LDAP and Graph queries, serializes the result into structured JSON, and uploads it over TLS. It never modifies AD or Entra. Source is on GitHub — audit it yourself.
Yes. Point the trial or the collector at your tenant with a read-only Graph app and you get 158 Entra ID detectors covering Conditional Access, MFA, PIM, guest users, app permissions and risky sign-ins.
Audit data is encrypted at rest in Postgres hosted in the EU. Credentials are encrypted in memory only — never written to disk. Trial data is purged after 7 days automatically.
Yes — the free trial at /trial runs a full audit anonymously in under 2 minutes. No credit card, no email required. Sign up only if you want to keep the report past 7 days.
ANSSI (PA-099, BP-039, Hygiene Guide), NIS2, HDS, RGPD, CIS v8, NIST 800-53, DISA STIG. Each finding carries tags so you can filter by framework.
Yes — PDF for stakeholders, JSON for integration with SIEM/SOAR, CSV for spreadsheets. Trial exports are free; Premium accounts get unlimited and historical exports.
Explore detailed pages for Active Directory, Entra ID, ETC Collector deployment, and side-by-side product comparisons.
Review the landing page focused on Tier 0, Kerberos, delegation, ADCS, and remediation priorities.
See the Entra ID page covering Conditional Access, MFA, PIM, app permissions, and guest exposure.
Compare PingCastle with ETC Collector for recurring AD audits and standalone collection workflows.
Compare Purple Knight with ETC Collector for AD plus Entra ID reviews and recurring follow-up.
Review ETC Collector, its local deployment modes, and how teams run standalone or recurring audits.
Standalone mode available • No credit card required • Results in minutes
Last updated · by the EtcSec security team
