From 67506f2249aed97b8dfc67648000a7ea00f626f3 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Sun, 5 Oct 2025 14:15:53 +0900
Subject: [PATCH] fix: update NTLM operational channels in WELA.ps1

---
 WELA.ps1 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/WELA.ps1 b/WELA.ps1
index 40231462..232eb2da 100644
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -350,7 +350,7 @@ function GuideYamatoSecurity
     # NTLM Operational
     $guid    = ""
     $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
     $enabled  = $true
     $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
     $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -1545,7 +1545,7 @@ function GuideASD {
     # NTLM Operational
     $guid    = ""
     $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
     $enabled  = $true
     $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
     $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -2743,7 +2743,7 @@ function GuideMSC {
     # NTLM Operational
     $guid    = ""
     $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
     $enabled  = $true
     $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
     $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -3941,7 +3941,7 @@ function GuideMSS {
     # NTLM Operational
     $guid    = ""
     $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
     $enabled  = $true
     $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
     $rules    | ForEach-Object { $_.applicable = $enabled }