CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 17:22:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: check size setting

Browse Source
This commit is contained in:
fukusuket
2025-04-17 23:46:14 +09:00
parent 5cfff69738
commit 1052a795b1
1 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
WELA.ps1
View File

@@ -1431,28 +1431,28 @@ function AuditLogSetting {
function AuditFileSize {
# 対象のイベントログ名をハッシュテーブル化
$logNames = @{
"Application" = @("20MB", "128MB+")
"Microsoft-Windows-AppLocker/EXE and DLL" = @("1MB", "256MB+")
"Microsoft-Windows-AppLocker/MSI and Script" = @("1MB", "256MB+")
"Microsoft-Windows-AppLocker/Packaged app-Deployment" = @("1MB", "256MB+")
"Microsoft-Windows-AppLocker/Packaged app-Execution" = @("1MB", "256MB+")
"Microsoft-Windows-Bits-Client/Analytic" = @("1MB", "128MB+")
"Microsoft-Windows-Bits-Client/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-CodeIntegrity/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-DriverFrameworks-UserMode/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-PowerShell/Operational" = @("20MB", "256MB+")
"Microsoft-Windows-PrintService/Admin" = @("1MB", "128MB+")
"Microsoft-Windows-PrintService/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-Security-Mitigations/KernelMode" = @("1MB", "128MB+")
"Microsoft-Windows-Security-Mitigations/UserMode" = @("1MB", "128MB+")
"Microsoft-Windows-SmbClient/Security" = @("8MB", "128MB+")
"Microsoft-Windows-TaskScheduler/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" = @("1MB", "128MB+")
"Application" = @("20 MB", "128 MB+")
"Microsoft-Windows-AppLocker/EXE and DLL" = @("1 MB", "256 MB+")
"Microsoft-Windows-AppLocker/MSI and Script" = @("1 MB", "256 MB+")
"Microsoft-Windows-AppLocker/Packaged app-Deployment" = @("1 MB", "256 MB+")
"Microsoft-Windows-AppLocker/Packaged app-Execution" = @("1 MB", "256 MB+")
"Microsoft-Windows-Bits-Client/Analytic" = @("1 MB", "128 MB+")
"Microsoft-Windows-Bits-Client/Operational" = @("1 MB", "128 MB+")
"Microsoft-Windows-CodeIntegrity/Operational" = @("1 MB", "128 MB+")
"Microsoft-Windows-DriverFrameworks-UserMode/Operational" = @("1 MB", "128 MB+")
"Microsoft-Windows-PowerShell/Operational" = @("20 MB", "256 MB+")
"Microsoft-Windows-PrintService/Admin" = @("1 MB", "128 MB+")
"Microsoft-Windows-PrintService/Operational" = @("1 MB", "128 MB+")
"Microsoft-Windows-Security-Mitigations/KernelMode" = @("1 MB", "128 MB+")
"Microsoft-Windows-Security-Mitigations/UserMode" = @("1 MB", "128 MB+")
"Microsoft-Windows-SmbClient/Security" = @("8 MB", "128 MB+")
"Microsoft-Windows-TaskScheduler/Operational" = @("1 MB", "128 MB+")
"Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" = @("1 MB", "128 MB+")
"Microsoft-Windows-Windows Defender/Operational" = @("16MB", "128MB+")
"Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" = @("1MB", "256MB+")
"Security" = @("20MB", "256MB+")
"System" = @("20MB", "128MB+")
"Windows PowerShell" = @("15MB", "256MB+")
"Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" = @("1 MB", "256 MB+")
"Security" = @("20 MB", "256 MB+")
"System" = @("20 MB", "128 MB+")
"Windows PowerShell" = @("15 MB", "256 MB+")
}
$results = @()