CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 17:22:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

doc: add readme

Browse Source
This commit is contained in:
fukusuket
2025-05-12 11:16:35 +09:00
parent 599b4dedb5
commit 902da44231
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -93,7 +93,7 @@ Please download the latest stable version of WELA from the [Releases](https://gi
# Command Usage
## audit-settings
`audit-settings` command checks the Windows Event Log audit policy settings and compares them with the recommended settings from **Yamato Security**, **Microsoft(Sever/Client)**, and **Australian Signals Directorate (ASD)**.
`audit-settings` command checks the Windows Event Log audit policy settings and compares them with the recommended settings from **[Yamato Security](https://github.com/Yamato-Security/EnableWindowsLogSettings)**, **[Microsoft(Sever/Client)](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)**, and **[Australian Signals Directorate (ASD)](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)**.
#### `audit-settings` command examples
Check by YamatoSecurity(Default) recommend setting and save to CSV:
@@ -134,6 +134,7 @@ Update WELA's Sigma rules config files:
# Other Windows Event Log Audit Related Resources
* [EnableWindowsLogSettings](https://github.com/Yamato-Security/EnableWindowsLogSettings) Yamato Security's Windows Event Log Configuration Guide For DFIR And Threat Hunting.
* [Audit Policy Recommendations](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)
* [Windows event logging and forwarding](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)
* [A Data-Driven Approach to Windows Advanced Audit Policy What to Enable and Why](https://www.splunk.com/en_us/blog/security/windows-audit-policy-guide.html)
@@ -159,6 +160,9 @@ At the least, **if you like our tools and resources, then please give us a star
* Fukusuke Takahashi (core developer)
* Zach Mathis (project leader, tool design, testing, etc...) (@yamatosecurity)
# Acknowledgements
# Twitter
You can receive the latest news about WELA, rule updates, other Yamato Security tools, etc... by following us on Twitter at [@SecurityYamato](https://twitter.com/SecurityYamato).