fix: update NTLM operational channels in WELA.ps1

2025-12-06 09:12:46 +01:00 · 2025-10-05 14:15:53 +09:00
parent 10ee50caad
commit 67506f2249
1 changed files with 4 additions and 4 deletions
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -350,7 +350,7 @@ function GuideYamatoSecurity
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -1545,7 +1545,7 @@ function GuideASD {
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -2743,7 +2743,7 @@ function GuideMSC {
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -3941,7 +3941,7 @@ function GuideMSS {
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }