docs: add Material for MkDocs documentation site (English + Japanese)
Add a documentation website under website/, built from README.md and README-Japanese.md and laid out with top-tab topics and a left sidebar (same style as the Hayabusa docs). Designed to be hosted free on GitHub Pages. - Pages: Overview (About, Features, Screenshots), Getting Started, Commands (Command List, Command Usage), Resources (Companion Projects, Other Resources, Changelog, Contributing) - Custom landing page, theme, click-to-zoom screenshots - Changelog synced from CHANGELOG.md at build time - 15-language switcher via mkdocs-static-i18n: English + Japanese full content; the other 13 localize the UI and fall back to English until translated - .github/workflows/docs.yml builds (mkdocs --strict) + deploys to GitHub Pages Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
After Width: | Height: | Size: 107 KiB |
|
After Width: | Height: | Size: 395 KiB |
|
After Width: | Height: | Size: 392 KiB |
|
After Width: | Height: | Size: 924 KiB |
|
After Width: | Height: | Size: 926 KiB |
|
After Width: | Height: | Size: 100 KiB |
|
After Width: | Height: | Size: 367 KiB |
|
After Width: | Height: | Size: 401 KiB |
@@ -0,0 +1,5 @@
|
||||
# コマンド一覧
|
||||
- `audit-settings`: Windowsイベントログ監査ポリシー設定を評価する
|
||||
- `audit-filesize`: Windowsイベントログファイルサイズを評価する
|
||||
- `configure`: 推奨のWindowsイベントログ監査ポリシーとファイズサイズを設定する
|
||||
- `update-rules`: WELAのSigmaルール設定ファイルを更新する
|
||||
@@ -0,0 +1,5 @@
|
||||
# Command List
|
||||
- `audit-settings`: Check Windows event log audit policy settings.
|
||||
- `audit-filesize`: Check Windows event log file size.
|
||||
- `configure`: Configure recommended Windows event log audit policy and file size.
|
||||
- `update-rules`: Update WELA's Sigma rules config files.
|
||||
@@ -0,0 +1,55 @@
|
||||
# コマンド使用例
|
||||
## audit-settings
|
||||
`audit-settings`コマンドは、Windowsイベントログ監査ポリシー設定を評価し、[Yamato Security](https://github.com/Yamato-Security/EnableWindowsLogSettings)、[Microsoft(Sever/Client)](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)、[Australian Signals Directorate (ASD)](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)の推奨設定と比較します。
|
||||
RuleCountは、そのカテゴリ内のイベントを検出できる[Sigmaルール](https://github.com/SigmaHQ/sigma)の数を示します。
|
||||
|
||||
#### `audit-settings` command examples
|
||||
YamatoSecurityの推奨設定でチェックし、CSV形式で保存する:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline YamatoSecurity
|
||||
```
|
||||
|
||||
Australian Signals Directorateの推奨設定でチェックし、CSV形式で保存する:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline ASD
|
||||
```
|
||||
|
||||
Microsoftの推奨設定(Server)でチェックし、GUI形式で表示する:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline Microsoft_Server -OutType gui
|
||||
```
|
||||
|
||||
Microsoftの推奨設定(Client)でチェックし、Table形式で表示する:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline Microsoft_Client -OutType table
|
||||
```
|
||||
|
||||
## audit-filesize
|
||||
`audit-filesize`コマンドは、Windowsイベントログファイルサイズを評価し、Yamato Securityの推奨設定と比較します。
|
||||
|
||||
#### `audit-filesize` command examples
|
||||
WindowsイベントログファイルサイズをYamatoSecurityの推奨設定でチェックし、CSV形式で保存する:
|
||||
```
|
||||
./WELA.ps1 audit-filesize -Baseline YamatoSecurity
|
||||
```
|
||||
|
||||
## configure
|
||||
`configure`コマンドは、推奨のWindowsイベントログ監査ポリシーとファイルサイズを設定します。
|
||||
|
||||
#### `configure` command examples
|
||||
Yamato Securityの推奨設定を適用する(設定変更時に確認プロンプトを表示):
|
||||
```
|
||||
./WELA.ps1 configure -Baseline YamatoSecurity
|
||||
```
|
||||
|
||||
Australian Signals Directorateの推奨設定を自動で適用する:
|
||||
```
|
||||
./WELA.ps1 configure -Baseline ASD -auto
|
||||
```
|
||||
|
||||
## update-rules
|
||||
#### `update-rules` command examples
|
||||
WELAのSigmaルール設定ファイルを更新する:
|
||||
```
|
||||
./WELA.ps1 update-rules
|
||||
```
|
||||
@@ -0,0 +1,55 @@
|
||||
# Command Usage
|
||||
## audit-settings
|
||||
The `audit-settings` command checks the Windows event log audit policy settings and compares them with the recommended settings from [Yamato Security](https://github.com/Yamato-Security/EnableWindowsLogSettings), [Microsoft(Sever/Client)](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations), and [Australian Signals Directorate (ASD)](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding).
|
||||
`RuleCount` indicates the number of [Sigma rules](https://github.com/SigmaHQ/sigma) that can detect events within that category.
|
||||
|
||||
### `audit-settings` command examples
|
||||
Check with the default Yamato Security's recommended settings and save results to CSV:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline YamatoSecurity
|
||||
```
|
||||
|
||||
Check with the Australian Signals Directorate's recommended settings and save results to CSV:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline ASD
|
||||
```
|
||||
|
||||
Check with Microsoft's recommended Server OS settings and display results in a GUI:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline Microsoft_Server -OutType gui
|
||||
```
|
||||
|
||||
Check with Microsoft's recommended Client OS settings and display results in table format:
|
||||
```
|
||||
./WELA.ps1 audit-settings -Baseline Microsoft_Client -OutType table
|
||||
```
|
||||
|
||||
## audit-filesize
|
||||
The `audit-filesize` command checks the Windows event logs' file size and compares them with the recommended settings from Yamato Security's recommendations.
|
||||
|
||||
### `audit-filesize` command examples
|
||||
Check the Windows event log file size with Yamato Security's recommendations and save results to CSV:
|
||||
```
|
||||
./WELA.ps1 audit-filesize -Baseline YamatoSecurity
|
||||
```
|
||||
|
||||
## configure
|
||||
The `configure` command sets the recommended Windows event log audit policy and file size.
|
||||
|
||||
#### `configure` command examples
|
||||
Apply Yamato Security's recommended settings (with confirmation prompt before changing settings):
|
||||
```
|
||||
./WELA.ps1 configure -Baseline YamatoSecurity
|
||||
```
|
||||
|
||||
Apply Australian Signals Directorate's recommended settings without confirmation prompt:
|
||||
```
|
||||
./WELA.ps1 configure -Baseline ASD -auto
|
||||
```
|
||||
|
||||
## update-rules
|
||||
#### `update-rules` command examples
|
||||
Update WELA's Sigma rules config files:
|
||||
```
|
||||
./WELA.ps1 update-rules
|
||||
```
|
||||
@@ -0,0 +1,14 @@
|
||||
# はじめに
|
||||
|
||||
## 前提要件
|
||||
* PowerShell 5.1+
|
||||
* PowerShellをAdministrator権限で実行する
|
||||
|
||||
## ダウンロード
|
||||
|
||||
[リリースページ](https://github.com/Yamato-Security/wela/releases)から最新の安定版WELAをダウンロードしてください。
|
||||
|
||||
## WELAの実行
|
||||
1. [release zip file](https://github.com/Yamato-Security/wela/releases)を展開する。
|
||||
2. **Administrator権限**でPowerShellを開く。
|
||||
3. `./WELA.ps1 help`を実行する
|
||||
@@ -0,0 +1,14 @@
|
||||
# Getting Started
|
||||
|
||||
## Prerequisites
|
||||
* Windows PowerShell 5.1 or PowerShell Core
|
||||
* Running PowerShell with Administrator privileges
|
||||
|
||||
## Downloads
|
||||
|
||||
Please download the latest stable version of WELA from the [Releases](https://github.com/Yamato-Security/wela/releases) page.
|
||||
|
||||
## Running WELA
|
||||
1. Unzip the [release zip file](https://github.com/Yamato-Security/wela/releases).
|
||||
2. Open PowerShell with **Administrator privileges**.
|
||||
3. `./WELA.ps1 help` to run WELA and see the help usage.
|
||||
@@ -0,0 +1,100 @@
|
||||
---
|
||||
hide:
|
||||
- navigation
|
||||
- toc
|
||||
---
|
||||
|
||||
<div class="hb-hero" markdown>
|
||||
|
||||
{ .hb-logo }
|
||||
|
||||
<p class="hb-tagline">
|
||||
<strong>WELA</strong>(Windows Event Log Analyzer、ゑ羅)は、
|
||||
<a href="https://github.com/Yamato-Security">Yamato Security</a> によって作られた、
|
||||
<strong>Windows イベントログの設定を監査する</strong>ためのツールです。Windows イベントログは
|
||||
DFIR における重要な情報源です。WELA は、本当に必要なイベントが記録されているかを確認するのに役立ちます。
|
||||
</p>
|
||||
|
||||
<div class="hb-cta" markdown>
|
||||
[はじめる :material-rocket-launch:](getting-started/index.md){ .md-button .md-button--primary }
|
||||
[コマンド一覧 :material-console:](commands/index.md){ .md-button }
|
||||
[GitHub で見る :fontawesome-brands-github:](https://github.com/Yamato-Security/WELA){ .md-button }
|
||||
</div>
|
||||
|
||||
<p class="hb-badges">
|
||||
<a href="https://github.com/Yamato-Security/WELA/releases"><img src="https://img.shields.io/github/v/release/Yamato-Security/WELA?color=blue&label=Stable%20Version&style=flat"/></a>
|
||||
<a href="https://github.com/Yamato-Security/WELA/releases"><img src="https://img.shields.io/github/downloads/Yamato-Security/WELA/total?style=flat&label=GitHub%F0%9F%A6%85Downloads&color=blue"/></a>
|
||||
<a href="https://github.com/Yamato-Security/WELA/stargazers"><img src="https://img.shields.io/github/stars/Yamato-Security/WELA?style=flat&label=GitHub%F0%9F%A6%85Stars"/></a>
|
||||
<a href="https://github.com/Yamato-Security/WELA/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-MIT-blue.svg?style=flat"/></a>
|
||||
<a href="https://conference.auscert.org.au/speaker/fukusuke-takahashi/"><img src="https://img.shields.io/badge/AUSCERT-2025-blue"></a>
|
||||
<a href="https://www.infosec-city.com/sin-25"><img src="https://img.shields.io/badge/SINCON-2025-blue"></a>
|
||||
<a href="https://codeblue.jp/program/time-table/day2-t3-02/"><img src="https://img.shields.io/badge/CODE%20BLUE-2025-blue"></a>
|
||||
<a href="https://twitter.com/SecurityYamato"><img src="https://img.shields.io/twitter/follow/SecurityYamato?style=social"/></a>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
|
||||
---
|
||||
|
||||
## WELA の特徴
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- :material-clipboard-check:{ .lg .middle } __監査ポリシー設定の監査__
|
||||
|
||||
---
|
||||
|
||||
Windows イベントログの**監査ポリシー設定**を監査し、必要なイベントが記録されているか確認します。
|
||||
|
||||
- :material-book-check:{ .lg .middle } __ガイドラインに基づく確認__
|
||||
|
||||
---
|
||||
|
||||
主要な Windows イベントログ監査設定の**ガイドライン**に基づいてチェックします。
|
||||
|
||||
- :material-shield-search:{ .lg .middle } __Sigma 検知可能性__
|
||||
|
||||
---
|
||||
|
||||
実際の **Sigma ルールの検知可能性**に基づいて設定を評価します。ログで攻撃を検知できますか?
|
||||
|
||||
- :material-file-cog:{ .lg .middle } __ファイルサイズの監査__
|
||||
|
||||
---
|
||||
|
||||
Windows イベントログの**ファイルサイズ**を監査し、推奨サイズを提案します。
|
||||
|
||||
- :material-cog-play:{ .lg .middle } __自動設定__
|
||||
|
||||
---
|
||||
|
||||
`configure` コマンドで、**推奨**の監査ポリシーとログファイルサイズを適用します。
|
||||
|
||||
- :material-chart-box:{ .lg .middle } __柔軟な出力__
|
||||
|
||||
---
|
||||
|
||||
結果をターミナル・GUI・テーブル、または **MITRE ATT&CK Navigator** のヒートマップで表示できます。
|
||||
|
||||
</div>
|
||||
|
||||
## クイックリンク
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- __:material-book-open-variant: はじめての方へ__
|
||||
|
||||
まずは[概要](overview/index.md)を読み、[はじめる](getting-started/index.md)で
|
||||
WELA のインストールと実行を行いましょう。
|
||||
|
||||
- __:material-console-line: CLI を使う__
|
||||
|
||||
[コマンド一覧](commands/index.md)と[コマンド使用例](commands/usage.md)
|
||||
(`audit-settings`・`audit-filesize`・`configure`・`update-rules`)をご覧ください。
|
||||
|
||||
- __:material-puzzle: さらに活用する__
|
||||
|
||||
[関連プロジェクト](resources/companion-projects.md)、[変更履歴](resources/changelog.md)、
|
||||
[貢献方法](resources/contributing.md)を見てみましょう。
|
||||
|
||||
</div>
|
||||
@@ -0,0 +1,101 @@
|
||||
---
|
||||
hide:
|
||||
- navigation
|
||||
- toc
|
||||
---
|
||||
|
||||
<div class="hb-hero" markdown>
|
||||
|
||||
{ .hb-logo }
|
||||
|
||||
<p class="hb-tagline">
|
||||
<strong>WELA</strong> (Windows Event Log Analyzer, ゑ羅), created by
|
||||
<a href="https://github.com/Yamato-Security">Yamato Security</a>, is a tool for
|
||||
<strong>auditing Windows event log settings</strong>. Windows event logs are a vital source of
|
||||
information for DFIR — WELA helps you make sure you are actually recording the events that matter.
|
||||
</p>
|
||||
|
||||
<div class="hb-cta" markdown>
|
||||
[Get Started :material-rocket-launch:](getting-started/index.md){ .md-button .md-button--primary }
|
||||
[Command Reference :material-console:](commands/index.md){ .md-button }
|
||||
[View on GitHub :fontawesome-brands-github:](https://github.com/Yamato-Security/WELA){ .md-button }
|
||||
</div>
|
||||
|
||||
<p class="hb-badges">
|
||||
<a href="https://github.com/Yamato-Security/WELA/releases"><img src="https://img.shields.io/github/v/release/Yamato-Security/WELA?color=blue&label=Stable%20Version&style=flat"/></a>
|
||||
<a href="https://github.com/Yamato-Security/WELA/releases"><img src="https://img.shields.io/github/downloads/Yamato-Security/WELA/total?style=flat&label=GitHub%F0%9F%A6%85Downloads&color=blue"/></a>
|
||||
<a href="https://github.com/Yamato-Security/WELA/stargazers"><img src="https://img.shields.io/github/stars/Yamato-Security/WELA?style=flat&label=GitHub%F0%9F%A6%85Stars"/></a>
|
||||
<a href="https://github.com/Yamato-Security/WELA/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-MIT-blue.svg?style=flat"/></a>
|
||||
<a href="https://conference.auscert.org.au/speaker/fukusuke-takahashi/"><img src="https://img.shields.io/badge/AUSCERT-2025-blue"></a>
|
||||
<a href="https://www.infosec-city.com/sin-25"><img src="https://img.shields.io/badge/SINCON-2025-blue"></a>
|
||||
<a href="https://codeblue.jp/program/time-table/day2-t3-02/"><img src="https://img.shields.io/badge/CODE%20BLUE-2025-blue"></a>
|
||||
<a href="https://twitter.com/SecurityYamato"><img src="https://img.shields.io/twitter/follow/SecurityYamato?style=social"/></a>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
|
||||
---
|
||||
|
||||
## Why WELA?
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- :material-clipboard-check:{ .lg .middle } __Audit log policy settings__
|
||||
|
||||
---
|
||||
|
||||
Audit your Windows event log **audit policy settings** to confirm the right events are being logged.
|
||||
|
||||
- :material-book-check:{ .lg .middle } __Based on guidelines__
|
||||
|
||||
---
|
||||
|
||||
Checks against the **major Windows event log audit configuration guidelines**.
|
||||
|
||||
- :material-shield-search:{ .lg .middle } __Sigma detectability__
|
||||
|
||||
---
|
||||
|
||||
Evaluates your settings against **real-world Sigma rule detectability** — will your logs actually catch attacks?
|
||||
|
||||
- :material-file-cog:{ .lg .middle } __File-size auditing__
|
||||
|
||||
---
|
||||
|
||||
Audits Windows event log **file sizes** and suggests recommended sizes.
|
||||
|
||||
- :material-cog-play:{ .lg .middle } __Auto-configure__
|
||||
|
||||
---
|
||||
|
||||
Apply the **recommended** audit policy and log file sizes with the `configure` command.
|
||||
|
||||
- :material-chart-box:{ .lg .middle } __Flexible output__
|
||||
|
||||
---
|
||||
|
||||
View results in the terminal, a GUI, a table, or as a **MITRE ATT&CK Navigator** heatmap.
|
||||
|
||||
</div>
|
||||
|
||||
## Quick links
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- __:material-book-open-variant: New here?__
|
||||
|
||||
Start with the [Overview](overview/index.md), then head to
|
||||
[Getting Started](getting-started/index.md) to install and run WELA.
|
||||
|
||||
- __:material-console-line: Working with the CLI?__
|
||||
|
||||
Browse the [Command List](commands/index.md) and the [Command Usage](commands/usage.md)
|
||||
reference (`audit-settings`, `audit-filesize`, `configure`, `update-rules`).
|
||||
|
||||
- __:material-puzzle: Going further?__
|
||||
|
||||
Explore the [Companion Projects](resources/companion-projects.md), the
|
||||
[Changelog](resources/changelog.md), and how to
|
||||
[contribute](resources/contributing.md).
|
||||
|
||||
</div>
|
||||
@@ -0,0 +1,6 @@
|
||||
# 機能
|
||||
- Windows Event Log Audit policyに対する評価
|
||||
- 主要なWindowsイベントログ監査設定ガイドに基づくチェック
|
||||
- Windows Event Logの監査設定を、実際のSigmaルールの検知範囲に基づいて評価
|
||||
- Windows Event Logのファイルサイズを監査し、推奨サイズを提案
|
||||
- 推奨されるWindowsイベントログ監査ポリシーとファイルサイズの設定
|
||||
@@ -0,0 +1,6 @@
|
||||
# Features
|
||||
- Auditing Windows event log audit policy settings.
|
||||
- Checking **based on the major Windows event log audit configuration guidelines**.
|
||||
- Checking Windows event log audit settings based on **real-world Sigma rule detectability**.
|
||||
- Auditing of Windows event log file sizes and suggestions for the recommended size.
|
||||
- Setting recommended Windows event log audit policy and file sizes.
|
||||
@@ -0,0 +1,6 @@
|
||||
# WELAについて
|
||||
**WELA(Windows Event Log Analyzer、ゑ羅)** は、Windowsイベントログの設定とログサイズを監査するツールです。
|
||||
Windowsイベントログは、DFIR(デジタルフォレンジックおよびインシデント対応)に不可欠な情報源であり、システムの動作やセキュリティイベントを可視化します。
|
||||
**しかし、デフォルト設定では、不十分なログサイズ、監査設定によって、脅威の検知漏れを引き起こす**可能性があります。
|
||||
WELAはこうした課題を洗い出し、Windowsイベントログ設定改善のための実用的な提案を行います。
|
||||
また、**実際のSigmaルールの検知範囲に基づいてWindowsイベントログ設定を評価**し、現状の設定で何が検知できるかを把握できます。
|
||||
@@ -0,0 +1,6 @@
|
||||
# About WELA
|
||||
**WELA (Windows Event Log Analyzer, ゑ羅)** is a tool for auditing Windows event log settings.
|
||||
Windows event logs are a vital source of information for Digital Forensics and Incident Response (DFIR), providing visibility into system activity and security events.
|
||||
**Unfortunately, default configurations often lead to problems such as limited log retention, insufficient audit policies, and blind spots that reduce detection capability**.
|
||||
WELA helps uncover these weaknesses and offers practical recommendations to improve audit settings and enhance security visibility.
|
||||
WELA also assesses log configurations **based on real-world Sigma rule coverage**, allowing users to evaluate what can or cannot be detected under current the settings.
|
||||
@@ -0,0 +1,21 @@
|
||||
# スクリーンショット
|
||||
|
||||
## スタートアップ
|
||||

|
||||
|
||||
## audit-settings (stdout)
|
||||

|
||||
## audit-settings (gui)
|
||||

|
||||
|
||||
## audit-settings (table)
|
||||

|
||||
|
||||
## audit-settings (mitre-attack-navigator)
|
||||

|
||||
|
||||
## audit-filesize
|
||||

|
||||
|
||||
## configure
|
||||

|
||||
@@ -0,0 +1,21 @@
|
||||
# Screenshots
|
||||
|
||||
## Startup Help Menu
|
||||

|
||||
|
||||
## audit-settings (terminal output)
|
||||

|
||||
## audit-settings (GUI)
|
||||

|
||||
|
||||
## audit-settings (table)
|
||||

|
||||
|
||||
## audit-settings (mitre-attack-navigator)
|
||||

|
||||
|
||||
## audit-filesize
|
||||

|
||||
|
||||
## configure
|
||||

|
||||
@@ -0,0 +1,31 @@
|
||||
# 変更履歴
|
||||
|
||||
!!! info "情報"
|
||||
このページはプロジェクトの [`CHANGELOG.md`](https://github.com/Yamato-Security/WELA/blob/main/CHANGELOG-Japanese.md) を反映したものです。ダウンロードは [リリースページ](https://github.com/Yamato-Security/WELA/releases) をご覧ください。
|
||||
|
||||
## 2.1.0 [2026/02/13] - Winter Release
|
||||
|
||||
**バグ修正:**
|
||||
|
||||
- 設定によりドメインコントローラのNetlogonが破損する可能性があった。 (#243) (@fukusuket) (この件を報告してくれた@feiglein74に感謝!)
|
||||
|
||||
## 2.0.0 [2025/11/16] - CODE BLUE リリース
|
||||
|
||||
**新機能:**
|
||||
|
||||
- MITRE ATT&CK Navigatorヒートマップに対応した。 (#11) (@fukusuket)
|
||||
- Windows設定を様々なベースラインに構成するための`configure`コマンドを追加した。 (#12) (@fukusuket)
|
||||
- Defender for Identityの必要なログに対応した。 (#114) (@fukusuket)
|
||||
|
||||
**バグ修正:**
|
||||
|
||||
- ルールカウントの一部が正確ではなかった。 (#99) (@fukusuket)
|
||||
- タスクスケジューラのログ設定が正確に報告されていなかった。 (#100 (@fukusuket))
|
||||
|
||||
## 1.0.0 [2025/05/20] - AUSCERT/SINCON リリース
|
||||
|
||||
**新機能:**
|
||||
|
||||
- `audit-settings`: Windows Event Log audit policy settingsをチェックする
|
||||
- `audit-filesize`: Windows Event Logファイルサイズをチェックする
|
||||
- `update-rules`: WELAのSigmaルール設定ファイルを更新する
|
||||
@@ -0,0 +1,31 @@
|
||||
# Changelog
|
||||
|
||||
!!! info
|
||||
This page mirrors the project [`CHANGELOG.md`](https://github.com/Yamato-Security/WELA/blob/main/CHANGELOG.md). See the [Releases page](https://github.com/Yamato-Security/WELA/releases) for downloads.
|
||||
|
||||
## 2.1.0 [2026/02/13] - Winter Release
|
||||
|
||||
**Bug Fixes:**
|
||||
|
||||
- Configuration might break Netlogon on Domain Controllers. (#243) (@fukusuket) (Thanks to @feiglein74 for reporting this!)
|
||||
|
||||
## 2.0.0 [2025/11/16] - CODE BLUE Release
|
||||
|
||||
**New Features:**
|
||||
|
||||
- Support for MITRE ATT&CK Navigator heatmaps. (#11) (@fukusuket)
|
||||
- Added a `configure` command to configure Windows settings to various baselines. (#12) (@fukusuket)
|
||||
- Support for Defender for Identity required logs. (#114) (@fukusuket)
|
||||
|
||||
**Bug Fixes:**
|
||||
|
||||
- Some of the rule count was not accurate. (#99) (@fukusuket)
|
||||
- TaskScheduler log settings were not accurately reported. (#100) (@fukusuket))
|
||||
|
||||
## 1.0.0 [2025/05/20] - AUSCERT/SINCON Release
|
||||
|
||||
**New Features:**
|
||||
|
||||
- `audit-settings`: Check Windows Event Log audit policy settings.
|
||||
- `audit-filesize`: Check Windows Event Log file size.
|
||||
- `update-rules`: Update WELA's Sigma rules config files.
|
||||
@@ -0,0 +1,5 @@
|
||||
# 関連プロジェクト
|
||||
|
||||
* [EnableWindowsLogSettings](https://github.com/Yamato-Security/EnableWindowsLogSettings) Yamato SecurityのWindowsイベントログ設定ガイド
|
||||
* [EventLog-Baseline-Guide](https://github.com/Yamato-Security/EventLog-Baseline-Guide) Sigmaルールと主要なガイドにおける検知ギャップを可視化するツール
|
||||
* [WELA-RulesGenerator](https://github.com/Yamato-Security/WELA-RulesGenerator) WELAのSigmaルール関連設定ファイルを生成するためのツール
|
||||
@@ -0,0 +1,5 @@
|
||||
# Companion Projects
|
||||
|
||||
* [EnableWindowsLogSettings](https://github.com/Yamato-Security/EnableWindowsLogSettings): Yamato Security's Windows Event Log Configuration Guide.
|
||||
* [EventLog-Baseline-Guide](https://github.com/Yamato-Security/EventLog-Baseline-Guide): A tool to visualize detection gaps in Sigma rules and major guides.
|
||||
* [WELA-RulesGenerator](https://github.com/Yamato-Security/WELA-RulesGenerator): A tool for generating WELA's Sigma rule-related config files.
|
||||
@@ -0,0 +1,30 @@
|
||||
# 貢献とサポート
|
||||
|
||||
## 貢献
|
||||
|
||||
わたしたちは、どんな形でも貢献を歓迎します。
|
||||
プルリクエスト、ルール作成、サンプルログの提供が最も歓迎されますが、バグの報告や機能リクエストなども大歓迎です。
|
||||
|
||||
少なくとも、**私たちのツールやリソースが気に入ったら、GitHubでスターをつけて応援してください!**
|
||||
|
||||
## 不具合の報告
|
||||
|
||||
* 不具合の報告は、[こちら](https://github.com/Yamato-Security/wela/issues/new?assignees=&labels=bug&template=bug_report.md&title=%5Bbug%5D)からお願いします。
|
||||
* このプロジェクトは現在も積極的にメンテナンスされており、バグの報告や機能のリクエストは大歓迎です。
|
||||
|
||||
## ライセンス
|
||||
|
||||
* WELAは、[MITライセンス](https://opensource.org/licenses/MIT)のもとでリリースされています。
|
||||
|
||||
## 貢献者
|
||||
|
||||
* Fukusuke Takahashi (コア開発者)
|
||||
* Zach Mathis (プロジェクトリーダー, ツールデザイン, テスト, など...) (@yamatosecurity)
|
||||
|
||||
## 謝辞
|
||||
|
||||
* [Australian Cyber Security Centre: Windows event logging and forwarding](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)
|
||||
* [Microsoft: Advanced security auditing FAQ](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/advanced-security-auditing-faq)
|
||||
* [SigmaHQ](https://github.com/SigmaHQ/sigma)
|
||||
|
||||
## X
|
||||
@@ -0,0 +1,30 @@
|
||||
# Contributing & Support
|
||||
|
||||
## Contributions
|
||||
|
||||
We would love any form of contribution.
|
||||
Pull requests are the best, but feature requests notifying us of bugs, etc... through issues are also very welcome.
|
||||
|
||||
At the least, **if you like our tools and resources, then please give us a star on GitHub and show your support!**
|
||||
|
||||
## Bug Submission
|
||||
|
||||
* Please submit any bugs you find [here.](https://github.com/Yamato-Security/wela/issues/new?assignees=&labels=bug&template=bug_report.md&title=%5Bbug%5D)
|
||||
* This project is currently actively maintained, and we are happy to fix any bugs reported.
|
||||
|
||||
## License
|
||||
|
||||
* WELA is released under the [MIT License](https://opensource.org/licenses/MIT).
|
||||
|
||||
## Contributors
|
||||
|
||||
* Fukusuke Takahashi (core developer)
|
||||
* Zach Mathis (project leader, tool design, testing, etc...) (@yamatosecurity)
|
||||
|
||||
## Acknowledgements
|
||||
|
||||
* [Australian Cyber Security Centre: Windows event logging and forwarding](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)
|
||||
* [Microsoft: Advanced security auditing FAQ](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/advanced-security-auditing-faq)
|
||||
* [SigmaHQ](https://github.com/SigmaHQ/sigma)
|
||||
|
||||
## Twitter
|
||||
@@ -0,0 +1,9 @@
|
||||
# Windowsイベントログの監査設定に関するその他の参考資料
|
||||
|
||||
* [A Data-Driven Approach to Windows Advanced Audit Policy – What to Enable and Why](https://www.splunk.com/en_us/blog/security/windows-audit-policy-guide.html)
|
||||
* [Audit Policy Recommendations](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)
|
||||
* [Configure audit policies for Windows event logs](https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-windows-event-collection)
|
||||
* [EnableWindowsLogSettings](https://github.com/Yamato-Security/EnableWindowsLogSettings)
|
||||
* [Windows event logging and forwarding](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)
|
||||
* [mdecrevoisier/Windows-auditing-baseline](https://github.com/mdecrevoisier/Windows-auditing-baseline)
|
||||
* [palantir/windows-event-forwarding](https://github.com/palantir/windows-event-forwarding/tree/master/group-policy-objects)
|
||||
@@ -0,0 +1,9 @@
|
||||
# Other Windows Event Log Audit Settings Related Resources
|
||||
|
||||
* [A Data-Driven Approach to Windows Advanced Audit Policy – What to Enable and Why](https://www.splunk.com/en_us/blog/security/windows-audit-policy-guide.html)
|
||||
* [Audit Policy Recommendations](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations)
|
||||
* [Configure audit policies for Windows event logs](https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-windows-event-collection)
|
||||
* [EnableWindowsLogSettings](https://github.com/Yamato-Security/EnableWindowsLogSettings)
|
||||
* [Windows event logging and forwarding](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-monitoring/windows-event-logging-and-forwarding)
|
||||
* [mdecrevoisier/Windows-auditing-baseline](https://github.com/mdecrevoisier/Windows-auditing-baseline)
|
||||
* [palantir/windows-event-forwarding](https://github.com/palantir/windows-event-forwarding/tree/master/group-policy-objects)
|
||||
@@ -0,0 +1,125 @@
|
||||
/* =========================================================================
|
||||
Hayabusa docs — custom theme (falcon blue + amber)
|
||||
========================================================================= */
|
||||
|
||||
/* ---- Custom primary / accent palette (theme.palette primary: custom) ---- */
|
||||
[data-md-color-primary="custom"] {
|
||||
--md-primary-fg-color: #163b6b;
|
||||
--md-primary-fg-color--light: #2a5694;
|
||||
--md-primary-fg-color--dark: #0e2747;
|
||||
--md-primary-bg-color: #ffffff;
|
||||
--md-primary-bg-color--light: #ffffffb3;
|
||||
}
|
||||
|
||||
[data-md-color-accent="custom"] {
|
||||
--md-accent-fg-color: #e8851a;
|
||||
--md-accent-fg-color--transparent:#e8851a1a;
|
||||
--md-accent-bg-color: #ffffff;
|
||||
--md-accent-bg-color--light: #ffffffb3;
|
||||
}
|
||||
|
||||
/* Light scheme: tasteful blue links */
|
||||
[data-md-color-scheme="default"] {
|
||||
--md-typeset-a-color: #1d5fb8;
|
||||
}
|
||||
|
||||
/* Dark scheme: lighten header + links for contrast */
|
||||
[data-md-color-scheme="slate"] {
|
||||
--md-primary-fg-color: #12233b;
|
||||
--md-typeset-a-color: #6ea8fe;
|
||||
--md-accent-fg-color: #ffa53b;
|
||||
}
|
||||
|
||||
/* ---- Top tabs: a touch bolder so main topics read as primary nav ---- */
|
||||
.md-tabs__link {
|
||||
font-weight: 600;
|
||||
opacity: 0.92;
|
||||
}
|
||||
.md-tabs__link--active {
|
||||
opacity: 1;
|
||||
}
|
||||
|
||||
/* Subtle header gradient */
|
||||
.md-header {
|
||||
background: linear-gradient(90deg, var(--md-primary-fg-color--dark), var(--md-primary-fg-color));
|
||||
}
|
||||
.md-tabs {
|
||||
background: var(--md-primary-fg-color);
|
||||
}
|
||||
|
||||
/* Slightly wider content for the dense command reference tables */
|
||||
.md-grid {
|
||||
max-width: 68rem;
|
||||
}
|
||||
|
||||
/* =========================================================================
|
||||
Landing-page hero
|
||||
========================================================================= */
|
||||
.hb-hero {
|
||||
text-align: center;
|
||||
padding: 2.4rem 0 1.2rem;
|
||||
}
|
||||
.hb-hero img.hb-logo {
|
||||
width: min(420px, 80%);
|
||||
margin: 0 auto 1rem;
|
||||
}
|
||||
.hb-hero .hb-tagline {
|
||||
font-size: 1.15rem;
|
||||
line-height: 1.6;
|
||||
max-width: 46rem;
|
||||
margin: 0 auto 1.4rem;
|
||||
color: var(--md-default-fg-color--light);
|
||||
}
|
||||
.hb-badges {
|
||||
margin: 0.4rem 0 1.4rem;
|
||||
}
|
||||
.hb-badges img {
|
||||
margin: 2px;
|
||||
vertical-align: middle;
|
||||
}
|
||||
.hb-cta {
|
||||
display: flex;
|
||||
gap: 0.6rem;
|
||||
justify-content: center;
|
||||
flex-wrap: wrap;
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
.hb-cta .md-button {
|
||||
margin: 0.2rem;
|
||||
}
|
||||
|
||||
/* =========================================================================
|
||||
Grid cards (feature highlights on the home page)
|
||||
========================================================================= */
|
||||
.md-typeset .grid.cards > ul > li {
|
||||
border-radius: 0.5rem;
|
||||
transition: border-color 160ms ease, box-shadow 160ms ease, transform 160ms ease;
|
||||
}
|
||||
.md-typeset .grid.cards > ul > li:hover {
|
||||
border-color: var(--md-accent-fg-color);
|
||||
box-shadow: 0 4px 16px rgba(0, 0, 0, 0.10);
|
||||
transform: translateY(-2px);
|
||||
}
|
||||
.md-typeset .grid.cards .lg.middle {
|
||||
color: var(--md-accent-fg-color);
|
||||
}
|
||||
|
||||
/* =========================================================================
|
||||
Misc readability tweaks
|
||||
========================================================================= */
|
||||
/* Screenshots get a light frame + zoom affordance */
|
||||
.md-typeset img:not(.hb-logo):not(.twemoji):not([src*="img.shields.io"]):not([src*="badge"]) {
|
||||
border-radius: 6px;
|
||||
box-shadow: 0 1px 6px rgba(0, 0, 0, 0.18);
|
||||
}
|
||||
|
||||
/* Wrap wide tables instead of overflowing oddly */
|
||||
.md-typeset table:not([class]) {
|
||||
display: table;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
/* Inline code a little calmer */
|
||||
.md-typeset code {
|
||||
border-radius: 4px;
|
||||
}
|
||||