Merge pull request #125 from Yamato-Security/add-help

feat: add Help option each command

.github/workflows/check-audit.yml

@@ -20,12 +20,12 @@ jobs:
 
       - name: Run WELA.ps1 audit-settings(PowerShell core)
         run: |
-          ./WELA.ps1 audit-settings
+          ./WELA.ps1 audit-settings -Baseline YamatoSecurity
         shell: pwsh
 
       - name: Run WELA.ps1 audit-filesize(PowerShell core)
         run: |
-          ./WELA.ps1 audit-filesize
+          ./WELA.ps1 audit-filesize -Baseline YamatoSecurity
         shell: pwsh
 
       - name: Output UsableRules.csv(PowerShell core)
@@ -50,12 +50,12 @@ jobs:
 
       - name: Run WELA.ps1 audit-settings(PowerShell 5.1)
         run: |
-          ./WELA.ps1 audit-settings
+          ./WELA.ps1 audit-settings -Baseline YamatoSecurity
         shell: powershell
 
       - name: Run WELA.ps1 audit-filesize(PowerShell 5.1)
         run: |
-          ./WELA.ps1 audit-filesize
+          ./WELA.ps1 audit-filesize -Baseline YamatoSecurity
         shell: powershell
 
       - name: Output UsableRules.csv(PowerShell 5.1)

WELA.ps1

@@ -3,7 +3,8 @@
     [string]$OutType = "std",
     [bool]$Debug = $false,
     [string]$Baseline,
-    [switch]$Auto
+    [switch]$Auto,
+    [switch]$Help
 )
 
 class WELA {
@@ -5314,6 +5315,10 @@ function Export-MitreHeatmap {
 
 
 function AuditFileSize {
+    param (
+        [string] $Baseline = "YamatoSecurity"
+    )
+
     # 対象のイベントログ名をハッシュテーブル化
     $logNames = @{
         "Application" = @("20 MB", "128 MB+")
@@ -5436,8 +5441,6 @@ function ConfigureAuditSettings {
         exit 1
     }
 
-
-
     $autidpolTxt = "./auditpol.txt"
     if (-not $debug) {
         Start-Process -FilePath "cmd.exe" -ArgumentList "/c chcp 437 & auditpol /get /category:* /r" -NoNewWindow -Wait -RedirectStandardOutput $autidpolTxt
@@ -5796,7 +5799,7 @@ $logo = @"
 
 "@
 
-$help = @"
+$usage = @"
 Usage:
   ./WELA.ps1 audit-settings -Baseline YamatoSecurity     # Audit current setting and show in stdout, save to csv
   ./WELA.ps1 audit-settings -Baseline ASD -OutType gui   # Audit current setting and show in gui, save to csv
@@ -5813,8 +5816,16 @@ Write-Host $logo -ForegroundColor Green
 
 switch ($Cmd.ToLower()) {
     "audit-settings"  {
-        if ([string]::IsNullOrEmpty($Baseline)) {
+        if ($Help -or [string]::IsNullOrEmpty($Baseline)){
-            $Baseline = "YamatoSecurity"
+            Write-Host "Audit current Windows Event Log settings and compare with baseline"
+            Write-Host ""
+            Write-Host "Usage: ./WELA.ps1 audit-settings -Baseline <YamatoSecurity|ASD|Microsoft_Client|Microsoft_Server> [-OutType <std|gui|table>]"
+            Write-Host ""
+            Write-Host "Options:"
+            Write-Host "  -Baseline    Specify the baseline (YamatoSecurity, ASD, Microsoft_Client, Microsoft_Server)"
+            Write-Host "  -OutType     Output type: std (default) or gui or table"
+            Write-Host ""
+            return
         }
         $validGuides = @("YamatoSecurity", "ASD", "Microsoft_Client", "Microsoft_Server")
         if (-not ($validGuides -contains $Baseline.ToLower())) {
@@ -5824,10 +5835,31 @@ switch ($Cmd.ToLower()) {
         AuditLogSetting $OutType $Baseline $Debug
     }
     "audit-filesize" {
-        AuditFileSize
+        if ($Help -or [string]::IsNullOrEmpty($Baseline)){
+            Write-Host "Audit current Windows Event Log file sizes"
+            Write-Host ""
+            Write-Host "Usage: ./WELA.ps1 audit-filesize -Baseline <YamatoSecurity>"
+            Write-Host ""
+            Write-Host "Options:"
+            Write-Host "  -Baseline    Specify the baseline (YamatoSecurity)"
+            Write-Host ""
+            return
+        }
+        AuditFileSize $Baseline
     }
 
     "configure" {
+        if ($Help -or [string]::IsNullOrEmpty($Baseline)){
+            Write-Host "Configure Windows Event Log audit settings based on specified baseline"
+            Write-Host ""
+            Write-Host "Usage: ./WELA.ps1 configure -Baseline <YamatoSecurity> [-Auto]"
+            Write-Host ""
+            Write-Host "Options:"
+            Write-Host "  -Baseline    Specify the baseline (YamatoSecurity)"
+            Write-Host "  -Auto        Automatically configure without prompts"
+            Write-Host ""
+            return
+        }
         if ([string]::IsNullOrEmpty($Baseline)) {
             Write-Host "You need to specify a baseline. The following baselines are available:"
             Write-Host "  * YamatoSecurity"
@@ -5835,19 +5867,29 @@ switch ($Cmd.ToLower()) {
             Write-Host "Examples: "
             Write-Host "./WELA.ps1 configure -Baseline YamatoSecurity"
             Write-Host "./WELA.ps1 configure -Baseline YamatoSecurity -Auto"
+            Write-Host ""
             break
         }
         ConfigureAuditSettings -Baseline $Baseline -Auto:$Auto
     }
 
     "update-rules" {
+        if ($Help) {
+            Write-Host "Update detection rule configuration files from GitHub repository"
+            Write-Host ""
+            Write-Host "Usage: ./WELA.ps1 update-rules"
+            Write-Host ""
+            Write-Host "Download and update rule configuration files from GitHub repository"
+            Write-Host ""
+            return
+        }
         UpdateRules
     }
     "help" {
-        Write-Host $help
+        Write-Host $usage
     }
     default {
         Write-Host "Invalid command. Use 'help' to see available commands."
-        Write-Host $help
+        Write-Host $usage
     }
 }