From 32183f0592eb91e0772ebcf558924588ddf5975e Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Sat, 25 Oct 2025 09:03:00 +0900
Subject: [PATCH] fix: enhance WELA.ps1 to handle empty Baseline parameter and update help messages for audit commands
---
 WELA.ps1 | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/WELA.ps1 b/WELA.ps1
index 1001a4e5..966fe80c 100644
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -5315,6 +5315,10 @@ function Export-MitreHeatmap {
 function AuditFileSize {
+ param (
+ [string] $Baseline = "YamatoSecurity"
+ )
+
 # 対象のイベントログ名をハッシュテーブル化
 $logNames = @{
 "Application" = @("20 MB", "128 MB+")
@@ -5437,8 +5441,6 @@ function ConfigureAuditSettings {
 exit 1
 }
-
-
 $autidpolTxt = "./auditpol.txt"
 if (-not $debug) {
 Start-Process -FilePath "cmd.exe" -ArgumentList "/c chcp 437 & auditpol /get /category:* /r" -NoNewWindow -Wait -RedirectStandardOutput $autidpolTxt
@@ -5814,7 +5816,7 @@ Write-Host $logo -ForegroundColor Green
 switch ($Cmd.ToLower()) {
 "audit-settings" {
- if ($Help) {
+ if ($Help -or [string]::IsNullOrEmpty($Baseline)){
 Write-Host "Audit current Windows Event Log settings and compare with baseline"
 Write-Host ""
 Write-Host "Usage: ./WELA.ps1 audit-settings -Baseline [-OutType ]"
@@ -5825,9 +5827,6 @@ switch ($Cmd.ToLower()) {
 Write-Host ""
 return
 }
- if ([string]::IsNullOrEmpty($Baseline)) {
- $Baseline = "YamatoSecurity"
- }
 $validGuides = @("YamatoSecurity", "ASD", "Microsoft_Client", "Microsoft_Server")
 if (-not ($validGuides -contains $Baseline.ToLower())) {
 Write-Host "Invalid Guide specified. Valid options are: YamatoSecurity, ASD, Microsoft_Client, Microsoft_Server."
@@ -5836,7 +5835,7 @@ switch ($Cmd.ToLower()) {
 AuditLogSetting $OutType $Baseline $Debug
 }
 "audit-filesize" {
- if ($Help) {
+ if ($Help -or [string]::IsNullOrEmpty($Baseline)){
 Write-Host "Audit current Windows Event Log file sizes"
 Write-Host ""
 Write-Host "Usage: ./WELA.ps1 audit-filesize -Baseline "
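Review bot: In the `@@ -5814,7 +5816,7 @@` hunk a missing `-Baseline` now takes the same path as `-Help`: usage text is printed and the branch ends with `return`, so a scheduled or scripted `audit-settings` run that omits the parameter performs no audit and, as far as the visible lines show, does not signal failure. Before this commit the same call fell back to `YamatoSecurity` and ran the audit. Consider keeping `-Help` as the only successful help path and adding `if (-not $Help) { exit 1 }` just before the `return`, matching the `exit 1` already used in `ConfigureAuditSettings`. The same condition is added to `audit-filesize` (`@@ -5836,7 +5835,7 @@`) and `configure` (`@@ -5846,11 +5845,11 @@`); whether `$Baseline` has a script-level default that would make the new test unreachable is not visible here.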
@@ -5846,11 +5845,11 @@ switch ($Cmd.ToLower()) {
 Write-Host ""
 return
 }
- AuditFileSize
+ AuditFileSize $Baseline
 }
 "configure" {
- if ($Help) {
+ if ($Help -or [string]::IsNullOrEmpty($Baseline)){
 Write-Host "Configure Windows Event Log audit settings based on specified baseline"
 Write-Host ""
 Write-Host "Usage: ./WELA.ps1 configure -Baseline [-Auto]"
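Review bot: `AuditFileSize $Baseline` forwards the user-supplied value without the `$validGuides` membership test that the `audit-settings` branch applies before calling `AuditLogSetting`, so a mistyped baseline name reaches the function unchecked. The simplest place for the check is the parameter added in the first hunk: `[ValidateSet("YamatoSecurity", "ASD", "Microsoft_Client", "Microsoft_Server")] [string] $Baseline = "YamatoSecurity"`. How `AuditFileSize` consumes the value lies outside the visible hunks, so it is unclear whether an unknown name is rejected or quietly compared against the wrong size recommendations, which would make the audit result misleading.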