From b7bc934aa5232436f23bf25ce96d86a31c90f310 Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Thu, 13 Mar 2025 23:46:46 +0900 Subject: [PATCH] update --- WELA.ps1 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/WELA.ps1 b/WELA.ps1 index 27d0783e..7c9c7e0a 100644 --- a/WELA.ps1 +++ b/WELA.ps1 @@ -1,3 +1,7 @@ +# Step 1: Run the auditpol command using cmd.exe and redirect its output to a file +$outputFilePath = "auditpol_output.txt" +Start-Process -FilePath "cmd.exe" -ArgumentList "/c chcp 437 & auditpol /get /category:* /r" -NoNewWindow -Wait -RedirectStandardOutput $outputFilePath + $logo = @" ┏┓┏┓┏┳━━━┳┓ ┏━━━┓ ┃┃┃┃┃┃┏━━┫┃ ┃┏━┓┃ @@ -11,9 +15,6 @@ $logo = @" Write-Host $logo -ForegroundColor Green -# Step 1: Run the auditpol command using cmd.exe and redirect its output to a file -$outputFilePath = "auditpol_output.txt" -Start-Process -FilePath "cmd.exe" -ArgumentList "/c chcp 437 & auditpol /get /category:* /r" -NoNewWindow -Wait -RedirectStandardOutput $outputFilePath $auditpolOutput = Get-Content -Path $outputFilePath $filteredOutput = $auditpolOutput | Select-String -NotMatch "No Auditing" $extractedStrings = [System.Collections.Generic.HashSet[string]]::new() @@ -86,8 +87,6 @@ $unusablePercentages = $unusableCounts | ForEach-Object { # Step 6: Generate the required outputtotal $customOrder = @("critical", "high", "medium", "low", "informational") -Write-Output "Checking event log audit settings. Please wait." -Write-Output "" Write-Output "Detection rules that can be used on this system versus total possible rules:" $usablePercentages = $usablePercentages | Sort-Object { $customOrder.IndexOf($_.Level) } $usablePercentages | ForEach-Object {
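Review bot: The added `$outputFilePath = "auditpol_output.txt"` is a fixed, relative name, so the script (which presumably runs elevated, since it calls auditpol) writes into whatever the current directory is, overwrites any existing file of that name, and nothing visible in this patch deletes it afterwards. A per-run temp file such as `$outputFilePath = [System.IO.Path]::GetTempFileName()` would avoid that, with a `Remove-Item -LiteralPath $outputFilePath` once `Get-Content` has read it. The `Start-Process` result is also never checked: if auditpol fails, the redirected file is likely empty and the later steps would report rule coverage computed from no data. Adding `-PassThru` and a guard like `if ($proc.ExitCode -ne 0) { throw "auditpol failed with exit code $($proc.ExitCode)" }` makes that failure visible instead of producing a misleading report. Because this block now runs before the logo and the "Please wait" message is removed further down, the user sees nothing while auditpol runs; a one-line `Write-Host` before it would help.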