[IncludeSecurity]

Recommend for OS diffing, or OS config vuln scanning?

Former, no idea, the latter is fine with any major COTS product that does vuln scanning (Nessus/Rapid7/whatever) they're all pretty decent for doing an authenticated scan of a host's local config.

[rjzzleep]

I was hoping there would be some interesting new development, but I guess nothing really changed huh? Dell enterprise security will print out a big Nessus report for a lot of money for a normal audit.

[bradknowles]

Have you tried cis-cat? I think it was designed explicitly for that, to scan for local OS vulnerabilities.