revert

2026-04-17 18:21:57 +02:00 · 2025-04-14 09:02:51 +09:00
parent 7580601210
commit 81634679c5
1 changed files with 1 additions and 81 deletions
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -81,10 +81,6 @@
                    }
                    $ruleCounts += ")"
                }
-                if ($this.Category -ne "PowerShell" -and $this.Category -notcontains "Security") {
-                    Write-Host "$($this.Category): $ruleCounts" -ForegroundColor $color
-
-                }
                if ($this.SubCategory) {
                    Write-Host "  - $($this.SubCategory): $ruleCounts" -ForegroundColor $color
                }
@@ -199,78 +195,6 @@ function AuditLogSetting {
    }
    $auditResult = @()

-    # Application
-    $guid    = ""
-    $eids     = @()
-    $channels = @("Application")
-    $enabled  = $true
-    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
-    $rules    = ApplyRules -enabled $enabled -rules $all_rules -guid $guid
-    $auditResult += [WELA]::New(
-            "Application",
-            "",
-            $enabled,
-            $rules,
-            "Enabled. 20 MB",
-            "Enabled. 128 MB+",
-            "",
-            ""
-    )
-
-    # Applocker
-    $guid    = ""
-    $eids     = @()
-    $channels = @("Microsoft-Windows-AppLocker/MSI and Script")
-    $enabled  = $true
-    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
-    $rules    = ApplyRules -enabled $enabled -rules $all_rules -guid $guid
-    $auditResult += [WELA]::New(
-            "AppLocker",
-            "",
-            $enabled,
-            $rules,
-            "Enabled if AppLocker is enabled? 1 MB",
-            "Enabled. 256 MB+",
-            "",
-            ""
-    )
-
-    # Bits-Client Operational
-    $guid    = ""
-    $eids     = @()
-    $channels = @("Microsoft-Windows-Bits-Client/Operational")
-    $enabled  = $true
-    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
-    $rules    = ApplyRules -enabled $enabled -rules $all_rules -guid $guid
-    $auditResult += [WELA]::New(
-            "Bits-Client Operational",
-            "",
-            $enabled,
-            $rules,
-            "Enabled. 1 MB",
-            "Enabled. 128 MB+",
-            "",
-            ""
-    )
-
-    # CodeIntegrity Operational
-    $guid    = ""
-    $eids     = @()
-    $channels = @("Microsoft-Windows-CodeIntegrity/Operational")
-    $enabled  = $true
-    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
-    $rules    = ApplyRules -enabled $enabled -rules $all_rules -guid $guid
-    $auditResult += [WELA]::New(
-            "CodeIntegrity Operational",
-            "",
-            $enabled,
-            $rules,
-            "Enabled. 1 MB",
-            "Enabled. 128 MB+",
-            "",
-            ""
-    )
-
    # PowerShell
    ## Classic
    $guid    = ""
@@ -283,11 +207,7 @@ function AuditLogSetting {
            "PowerShell",
            "Classic",
            $enabled,
-            $rules,
-            "Client OS: No Auditing | Server OS: Success",
-            "Client and Server OSes: Success and Failure",
-            "Depends on NTLM usage. Could be high on DCs and low on clients and servers.",
-            ""
+            $rules
    )

    ## Module