From 49a64bb9ca1efa14371570067563bd688647b8e3 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Sat, 10 May 2025 08:33:27 +0900
Subject: [PATCH] fix: add Application

---
 WELA.ps1 | 21 ++++++++++++++++++
 auditpol.txt | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 auditpol.txt

diff --git a/WELA.ps1 b/WELA.ps1
index fe787685..35ac0e9a 100644
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -197,6 +197,25 @@ function GuideYamatoSecurity
 [object[]] $all_rules
 )
 $auditResult = @()
+
+ # Application
+ $guid = ""
+ $eids = @()
+ $channels = @("Application")
+ $enabled = $true
+ $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
+ $rules | ForEach-Object { $_.applicable = $enabled }
+ $auditResult += [WELA]::New(
+ "Application",
+ "",
+ $enabled,
+ [array]$rules,
+ "Enabled",
+ "Enabled",
+ "",
+ ""
+ )
+
 # Applocker
 $guid = ""
 $eids = @()
@@ -1326,6 +1345,7 @@ function GuideASD {
 )
 $auditResult = @()
+
 # Application
+ $guid = ""
+ $eids = @()
@@ -2473,6 +2493,7 @@ function GuideMSC {
 )
 $auditResult = @()
+
 # Application
+ $guid = ""
+ $eids = @()
diff --git a/auditpol.txt b/auditpol.txt
new file mode 100644
index 00000000..65ee10b1
--- /dev/null
+++ b/auditpol.txt
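Review bot: The new Application entry in GuideYamatoSecurity hands eight positional arguments to `[WELA]::New`, two of which are `""` and two the identical literal `"Enabled"`, so a reader cannot tell which column is the recommended value and which is the current/default one without the constructor, which is outside this hunk; a one-line comment above `$auditResult += [WELA]::New(` naming the column order (or passing the values through a named splat) would remove that guesswork. Note also that `$rules | ForEach-Object { $_.applicable = $enabled }` writes a property onto the rule objects held in `$all_rules`, and the Applocker block directly below filters the same collection; if `RuleFilter` can match one rule for more than one entry, the last assignment wins, which is presumably intended but deserves a comment such as `# marks matched rules applicable; a later entry matching the same rule overwrites this flag`. Unlike the audit-policy entries, "Application" is a built-in event channel with no auditpol subcategory behind it, so `$enabled = $true` here is a fixed assumption rather than a measured state — worth saying in the comment so nobody later tries to "check" it against auditpol output. The body of GuideYamatoSecurity begins before and continues after this hunk.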
@@ -0,0 +1,61 @@
+Active code page: 437
+Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
+SAMURAI,System, ,{0CCE9211-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9212-69AE-11D9-BED3-505054503030},Success and Failure,
+SAMURAI,System,IPsec ,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9214-69AE-11D9-BED3-505054503030},Success and Failure,
+SAMURAI,System,,{0CCE9210-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System,,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,
+SAMURAI,System,,{0CCE9216-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System, ,{0CCE9217-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System,IPsec ,{0CCE9218-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,IPsec ,{0CCE9219-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,IPsec ,{0CCE921A-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE921B-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System,/ ,{0CCE921C-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9243-69AE-11D9-BED3-505054503030},Success and Failure,
+SAMURAI,System,/,{0CCE9247-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9249-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE921D-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE921E-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE921F-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,SAM,{0CCE9220-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9221-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9222-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9223-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9224-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9225-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9226-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9227-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9244-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9245-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9246-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9229-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE922A-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9228-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE922B-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE922C-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,DPAPI ,{0CCE922D-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,RPC ,{0CCE922E-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9248-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE924A-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE922F-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System,,{0CCE9230-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System,,{0CCE9231-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,MPSSVC ,{0CCE9232-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9233-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE9234-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9236-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9237-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System,,{0CCE9238-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9239-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE923A-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9235-69AE-11D9-BED3-505054503030},Success,
+SAMURAI,System, ,{0CCE923B-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE923C-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE923D-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE923E-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,Kerberos ,{0CCE9240-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System, ,{0CCE9241-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,Kerberos ,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
+SAMURAI,System,,{0CCE923F-69AE-11D9-BED3-505054503030},No Auditing,
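Review bot: auditpol.txt looks like a raw `auditpol /get /category:* /r` capture from a developer machine rather than part of the "add Application" change the subject describes: every row carries the real host name `SAMURAI`, and the first line is the `chcp` banner `Active code page: 437`, under which the non-ASCII subcategory names were dropped so the Subcategory column is blank or fragmentary (`IPsec `, `/ `, `SAM`, `Kerberos `) and only the GUID column identifies a row. If the file is intended as a sample or test fixture, it should be re-captured with a UTF-8 code page so the names survive, the machine name replaced with a neutral placeholder, and its purpose stated in the commit message; if it is not intended, it should be dropped from the commit and the path added to .gitignore so a local audit-policy dump is not committed again. Any consumer written against this file as it stands has to key on `Subcategory GUID` alone, which is worth stating in a header comment if the file stays.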