From 60610bb8a94162e64a8fa4898f7dc395ca74d915 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Wed, 2 Apr 2025 08:53:03 +0900
Subject: [PATCH] feat: verbose security

---
 WELAVerboseSecAudit.psm1 | 84 ++++++++++++++++++++--------------------
 1 file changed, 42 insertions(+), 42 deletions(-)

diff --git a/WELAVerboseSecAudit.psm1 b/WELAVerboseSecAudit.psm1
index bd93636a..32689f88 100644
--- a/WELAVerboseSecAudit.psm1
+++ b/WELAVerboseSecAudit.psm1
@@ -1,46 +1,46 @@
 function ShowVerboseSecurity {
- $m_credential_validation = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_kerberos_authentication_service = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_kerberos_sevice_ticket_operations = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_computer_account_management = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_other_account_management = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_security_group_management = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_user_account_management = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_plug_and_play_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_process_creation = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_process_termination = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_rpc_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_token_right_adjusted_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_directory_service_access = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_account_lockout = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_logoff = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_logon = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_other_logon_logoff_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_special_logon = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_certification_services = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_detailed_file_share = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_file_share = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_file_system = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_filtering_platform_connection = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_filtering_platform_packet_drop = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_kernel_object = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_handle_manipulation = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_other_object_access_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_registry = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_removable_storage = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_sam = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_audit_policy_change = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_authentication_policy_change = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_authorization_policy_change = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_filtering_platform_policy_change = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_mpssvc_rule_level_policy_change = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_other_policy_change_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_non_sensitive_use_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_sensitive_privilege_use = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_other_system_events = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_security_state_change = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_security_system_extension = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
- $m_system_integrity = "disabled (critical: 10 ¦ high: 100 ¦ medium ¦ low: 10, info: 1000)"
+ $m_credential_validation = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_kerberos_authentication_service = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_kerberos_sevice_ticket_operations = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_computer_account_management = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_other_account_management = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_security_group_management = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_user_account_management = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_plug_and_play_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_process_creation = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_process_termination = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_rpc_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_token_right_adjusted_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_directory_service_access = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_account_lockout = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_logoff = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_logon = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_other_logon_logoff_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_special_logon = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_certification_services = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_detailed_file_share = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_file_share = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_file_system = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_filtering_platform_connection = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_filtering_platform_packet_drop = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_kernel_object = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_handle_manipulation = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_other_object_access_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_registry = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_removable_storage = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_sam = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_audit_policy_change = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_authentication_policy_change = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_authorization_policy_change = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_filtering_platform_policy_change = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_mpssvc_rule_level_policy_change = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_other_policy_change_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_non_sensitive_use_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_sensitive_privilege_use = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_other_system_events = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_security_state_change = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_security_system_extension = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
+ $m_system_integrity = "disabled (critical: 10 | high: 100 | medium | low: 10, info: 1000)"
 $msg = @"
 Detailed Security category settings: