From 5dcc297d7a496a726d978e700e1da9a4e86b1f2d Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Fri, 21 Mar 2025 08:08:12 +0900 Subject: [PATCH] chg: Output horizontally --- WELA.ps1 | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/WELA.ps1 b/WELA.ps1 index 7c757dd0..40641121 100644 --- a/WELA.ps1 +++ b/WELA.ps1 @@ -98,6 +98,13 @@ function CalculateUsableRate { return $result } +function CalculateTotalUsableRate { + param ($usableRate) + $totalUsable = ($usableRate | Measure-Object -Property UsableCount -Sum).Sum + $totalRulesCount = ($usableRate | Measure-Object -Property TotalCount -Sum).Sum + return "{0:N2}" -f ($totalUsable / $totalRulesCount * 100) +} + function ShowRulesCountsByLevel { param ($usableRate, $msg) Write-Output $msg @@ -198,12 +205,15 @@ $pwsModStatus = if ($pwsModEnabled) { "Enabled" } else { "Disabled" } $pwsSrcStatus = if ($pwsScrEnabled) { "Enabled" } else { "Disabled" } # 123 / 1860 (6%) +$totalUsableSecRate = CalculateTotalUsableRate -usableRate $usableSecRate +$totalUsablePwsClaRate = CalculateTotalUsableRate -usableRate $usablePwsClaRate +$totalUsablePwsModRate = CalculateTotalUsableRate -usableRate $usablePwsModRate +$totalUsablePwsScrRate = CalculateTotalUsableRate -usableRate $usablePwsScrRate - -ShowRulesCountsByLevel -usableRate $usableSecRate -msg "Security event log detection rules: (Partially Enabled)" -ShowRulesCountsByLevel -usableRate $usablePwsClaRate -msg "PowerShell classic logging detection rules: (Enabled)" -ShowRulesCountsByLevel -usableRate $usablePwsModRate -msg "PowerShell module logging detection rules: ($pwsModStatus)" -ShowRulesCountsByLevel -usableRate $usablePwsScrRate -msg "PowerShell script block logging detection rules: ($pwsSrcStatus)" +ShowRulesCountsByLevel -usableRate $usableSecRate -msg "Security event log detection rules: $totalUsableSecRate (Partially Enabled)" +ShowRulesCountsByLevel -usableRate $usablePwsClaRate -msg "PowerShell classic logging detection rules: $totalUsablePwsClaRate (Enabled)" +ShowRulesCountsByLevel -usableRate $usablePwsModRate -msg "PowerShell module logging detection rules: $totalUsablePwsModRate ($pwsModStatus)" +ShowRulesCountsByLevel -usableRate $usablePwsScrRate -msg "PowerShell script block logging detection rules: $totalUsablePwsScrRate ($pwsSrcStatus)" Write-Output "Usable detection rules list saved to: UsableRules.csv" Write-Output "Unusable detection rules list saved to: UnusableRules.csv"