From 0cd793dbcb1760c4780350f8b6e915b75639495b Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Fri, 16 May 2025 18:29:05 +0900
Subject: [PATCH] feat: add currentsetting
---
 WELA.ps1 | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/WELA.ps1 b/WELA.ps1
index 2f9847ea..c81ac155 100644
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -1586,11 +1586,11 @@ function GuideASD {
 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
 $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
 $rules | ForEach-Object { $_.applicable = $enabled }
-
+ $current = if ($enabled) { "Enabled" } else { "Disabled" }
 $auditResult += [WELA]::New(
 "PowerShell",
 "Module",
- $auditpol[$guid],
+ $current,
 [array]$rules,
 "No Auditing",
 "Enabled",
@@ -1605,11 +1605,11 @@ function GuideASD {
 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
 $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
 $rules | ForEach-Object { $_.applicable = $enabled }
-
+ $current = if ($enabled) { "Enabled" } else { "Disabled" }
 $auditResult += [WELA]::New(
 "PowerShell",
 "ScriptBlock",
- $auditpol[$guid],
+ $current,
 [array]$rules,
 "Patially",
 "Enabled",
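Review bot: The `$current` label added before `[WELA]::New(` reports "Enabled" as soon as `EnableModuleLogging` equals 1, but module logging only produces events for modules listed under the policy's `ModuleNames` subkey, so a host with the switch set and an empty list would show as covered while recording nothing. Consider also reading `ModuleNames` under the same key and reporting a distinct state such as "Enabled (no modules listed)", or at least add the comment `# "Enabled" = policy switch only; ModuleNames decides which modules are logged`. The same applies to the Module hunks at -2784 (GuideMSC) and -3982 (GuideMSS). GuideASD and the `[WELA]::New(` call both continue outside the hunk, so how the label is rendered is not visible here.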
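Review bot: In the ScriptBlock hunk at -1605, `$current = if ($enabled) { "Enabled" } else { "Disabled" }` prints "Disabled" whenever `EnableScriptBlockLogging` is not 1, which merges an absent value with an explicit 0. The row's own default column says "Patially", and an unconfigured host does still log script blocks that PowerShell flags as suspicious, whereas an explicit 0 turns that off as well, so the two are different audit findings. Reading the raw value once and using three states would keep them apart, for example `$current = if ($v -eq 1) { "Enabled" } elseif ($null -eq $v) { "Not Configured" } else { "Disabled" }` with `$v` holding the registry value. How `CheckRegistryValue` treats a missing key or a read error is not visible in this patch and should be confirmed. The same line is added in the ScriptBlock hunks at -2803 (GuideMSC) and -4001 (GuideMSS), and a small shared helper would keep the six copies from drifting.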
@@ -2784,11 +2784,11 @@ function GuideMSC {
 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
 $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
 $rules | ForEach-Object { $_.applicable = $enabled }
-
+ $current = if ($enabled) { "Enabled" } else { "Disabled" }
 $auditResult += [WELA]::New(
 "PowerShell",
 "Module",
- $auditpol[$guid],
+ $current,
 [array]$rules,
 "No Auditing",
 "",
@@ -2803,11 +2803,11 @@ function GuideMSC {
 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
 $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
 $rules | ForEach-Object { $_.applicable = $enabled }
-
+ $current = if ($enabled) { "Enabled" } else { "Disabled" }
 $auditResult += [WELA]::New(
 "PowerShell",
 "ScriptBlock",
- $auditpol[$guid],
+ $current,
 [array]$rules,
 "Patially",
 "",
@@ -3982,11 +3982,11 @@ function GuideMSS {
 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
 $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
 $rules | ForEach-Object { $_.applicable = $enabled }
-
+ $current = if ($enabled) { "Enabled" } else { "Disabled" }
 $auditResult += [WELA]::New(
 "PowerShell",
 "Module",
- $auditpol[$guid],
+ $current,
 [array]$rules,
 "No Auditing",
 "",
@@ -4001,11 +4001,11 @@ function GuideMSS {
 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
 $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
 $rules | ForEach-Object { $_.applicable = $enabled }
-
+ $current = if ($enabled) { "Enabled" } else { "Disabled" }
 $auditResult += [WELA]::New(
 "PowerShell",
 "ScriptBlock",
- $auditpol[$guid],
+ $current,
 [array]$rules,
 "Patially",
 "",