Merge pull request #102 from Yamato-Security/99-print-zero

fix: correct rule count initialization
2025-12-15 21:52:51 +01:00 · 2025-10-05 13:34:22 +08:00
parent c7ad3c0dcf b648fdb676
commit b73787e3e1
4 changed files with 22 additions and 10 deletions
--- a/.github/workflows/check-audit.yml
+++ b/.github/workflows/check-audit.yml
@@ -9,7 +9,7 @@ jobs:
  build:
    strategy:
      matrix:
-        os: [windows-2019, windows-2022, windows-2025]
+        os: [windows-latest, windows-2022, windows-2025]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -1,4 +1,10 @@
-# 初期リリース
+# CHANGELOG
+
+## 2.0.0 [2025/11/16] - CODE BLUE リリース
+
+**バグ修正:**
+
+- ルールカウントの一部が正確ではなかった。 (#99) (@fukusuket)

 ## 1.0.0 [2025/05/20] - AUSCERT/SINCON リリース

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,10 @@
-# Initial Release
+# CHANGELOG
+
+## 2.0.0 [2025/11/16] - CODE BLUE Release
+
+**Bug Fixes:**
+
+- Some of the rule count was not accurate. (#99) (@fukusuket)

 ## 1.0.0 [2025/05/20] - AUSCERT/SINCON Release

--- a/WELA.ps1
+++ b/WELA.ps1
@@ -350,7 +350,7 @@ function GuideYamatoSecurity
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -1545,7 +1545,7 @@ function GuideASD {
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -2743,7 +2743,7 @@ function GuideMSC {
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -3941,7 +3941,7 @@ function GuideMSS {
    # NTLM Operational
    $guid    = ""
    $eids     = @()
-    $channels = @("Microsoft-Windows-Diagnosis-Scripted/Operational")
+    $channels = @("Microsoft-Windows-NTLM/Operational")
    $enabled  = $true
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
@@ -5046,10 +5046,10 @@ function AuditLogSetting {
        $ruleCounts = ""
        foreach ($level in [WELA]::Levels) {
            $count = $_.RulesCount[$level]
+            if (-not $count) {
+                $count = 0
+            }
            if ($level -eq "informational") {
-                if (-not $count) {
-                    $count = 0
-                }
                $ruleCounts += "info:$([string]$count)"
            } else {
                $ruleCounts += "$($level):$($count), "